Troubleshooting Guide › Runtime Issues › Federation Single Sign-On Issues › Common Federation Single-Sign-On Issues › Initial SAML Request Succeeds, but the Browser Loops
Initial SAML Request Succeeds, but the Browser Loops
Symptom
The initial SAML request goes through, but then the browser goes into infinite redirects (or loops).
Solution
There could be multiple solutions, including:
- Check that the user exists in both the Identity Provider and Service Provider sides.
- If CloudMinder is the Identity Provider, make sure that the CloudMinder SAML signing certificate - and not the web server SSL certificate - is provided to the Service Provider.
- Confirm that other correct metadata information is exchanged between the Identity Provider and Service Provider.
- Confirm that the Security Proxy Server Agent Configuration Object’s ValidTargetDomain parameter has the correct value. The default setting is .ca.com.
- If CloudMinder is the Identity Provider and Credential Handling Service is used as the delegated authentication method, make sure the partnership’s minimum authentication level is no more than the authentication level of authentication methods provided by the Credential Handling Service.
Copyright © 2013 CA.
All rights reserved.
|
|