SSO troubleshooting
For troubleshooting the SSO configuration, Planon recommends to use Mozilla Firefox in combination with the add-on SAML Tracer. This add-on lets you read the messages being sent between the end user (browser), the Identity Broker (Service Provider) and the IDP (Identity provider at customer side).
Make sure the SAML Tracer is enabled when visiting the Planon Cloud environment. All http messages will be recorded. If a message contains a SAML request, it is highlighted and the SAML request can be viewed in the SAML tab. Please ensure that the SAML assertion sent by the Identity Provider meets the prerequisites.
Common issues:
• No format in NameID
• No separate SAML attribute present (this is not needed when the NameID is used as the identifier)