Before continuing with the 10 troubleshooting items, please review the following for a successful SAML setup.
- Please make sure email addresses are unique to only 1 user.
  - Having an API user and SAML user with the same email will cause login conflicts
- If you're having IDP specific issues, please contact your IDP support team
- Before requesting a troubleshooting call, we require you to double check your inputs by referring to the SAML Quickstart Guide and/or other SAML documentation.
- Before any call is scheduled, we'll need you to provide the 10 troubleshooting items below
- Our IDT/IDP team is available for calls most times between 10am and 7pm EST, Monday-Friday

If you're having login issues or receiving ForgeRock error pages, please provide the following:
- Confirm only one (1) cert is active for the configuration
- User name / email id that they used for the SAML Login
- Snapshot of the entire and complete error they got on their browser, with the address bar showing the URL contents
- Response XML. Get this response XML using "SAML-tracer" plugin of Firefox browser or "SAML Message Decoder" plugin of Chrome browser. If possible, just provide the SAML Response part and not the trace of all the requests / responses.
- The IDP metafile (XML)
- Approximate date / time of the attempt.
- What is the ACS URL that is configured on the customer side?
- What is the SP Entity ID that is configured on the customer side.
  - nss-sp-hosted
- If you're receiving an empty SAML Assertion, that means encryption is enabled.
  - Disable encryption
- The mandatory attributes required by UltraDNS in the SAML assertion are "sn", "givenname" and "mail". They are ALL lowercase, with non-empty values and WITHOUT ANY PREFIXES.
  - Each attribute MUST HAVE a value because no value is a blank value, and will result in a Missing Attributes page error.

See below:

| Attribute Name | Comment | Example of how it looks in SAML Response |
|---|---|---|
| givenname | First name of the logged in user | `<saml:Attribute Name="givenname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">` |
| sn | Last name / surname of the logged in user | `<saml:Attribute Name="sn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">` |
| mail | email id of the logged in user | `<saml:Attribute Name="mail" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">` |

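
A pre-check for the attribute requirements above, as an added example (not UltraDNS code): it reads a decoded SAML Response, such as one captured with SAML-tracer, and reports missing, blank, mis-cased or prefixed `givenname`, `sn` and `mail` attributes, plus an encrypted assertion. The function name and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("givenname", "sn", "mail")  # attribute names listed on this page


def check_saml_response(xml_text):
    """Return a list of problems found in a decoded SAML Response (hypothetical helper)."""
    if "<!DOCTYPE" in xml_text:  # a SAML message never needs a DTD; do not parse one
        return ["DOCTYPE present: refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted: disable encryption at the IdP")
    # Map each attribute Name to its non-blank values.
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found[attr.get("Name", "")] = [v for v in values if v]
    for name in REQUIRED:
        if name in found:
            if not found[name]:
                problems.append(f"{name}: present but has no value")
            continue
        # Near miss: right name in the wrong case, or behind a prefix / URI.
        near = [n for n in found
                if n.lower() == name or n.lower().endswith((":" + name, "/" + name, "." + name))]
        if near:
            problems.append(f"{name}: sent as {near[0]!r}; must be exactly {name!r}")
        else:
            problems.append(f"{name}: missing")
    return problems


# Constructed sample (not a real capture): wrong case, blank value, prefixed name.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="givenName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="sn"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://example.com/claims/mail">
      <saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for p in check_saml_response(SAMPLE):
        print(p)
```

An empty list means all three attributes arrived with the exact names and non-blank values.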
To contact UltraDNS support for assistance, please be sure to provide the above and open a support request.
Use the Support Portal link at the top of your UltraDNS account to submit a request.