Trouble with SAML single sign-on (SSO)

Having trouble configuring SSO? Follow the instructions below to gather information to help our support and engineering teams troubleshoot your issue.

Select when you are experiencing your issue with SSO:

SSO configuration is not successful.

Before you activate activate your SSO configuration, test it using our verification feature.

How to test your SSO configuration

To use our verification feature: 

  1. Log into the Abstract web app, using your Admin credentials.
  2. Select Permissions in the left side pane.
  3. Fill out the Metadata URL and Entity ID fields. Make sure: 
    • you follow our instructions for Okta, Azure AD, AFDS, and Google SAML.
    • the Metadata URL is valid and available from the public internet.
    • the Entity ID matches the one located in the XML Metadata.
  4. Click Test with my account.

If the configuration was successful, you’ll see a “SSO Testing Successful” confirmation screen.If the configuration was not successful, reach out to us

The SP init auth flow will not redirect me to my IdP authentication page.

If the SP init auth flow does not correctly redirect you to your IdP authentication page, send us the SAMLRequest to help troubleshoot your issue.

How to capture the SAMLRequest in the SP init auth flow

  1. Open Google Chrome. 
  2. Right-click the page and select Inspect
  3. Select the Network tab.
  4. Go to https://app.abstract.com/signin.
  5. Enter your email address.
  6. Click Continue.
  7. In Network tab, select the sub-tab Other.
  8. Select the request matching your IdP.
  9. Under Headers > General > Request URL, copy the SAMLRequest parameter located in the URL.
  10. Go to https://www.samltool.com/url.php
  11. Paste the SAMLRequest parameter in the “URL Decode” field.
  12. Click the URL Decode Data button.
  13. Copy the “URL Decoded Data” field.
  14. Go to https://www.samltool.com/decode.php.
  15. Paste the data in the “Deflated and Encoded XML” field. 
  16. Click Decode and Inflate XML.
  17. Select everything in the “XML” field. This is the SAMLRequest.
  18. Send us an email including this SAMLRequest.

The authentication flow will not grant me access to Abstract after successfully authenticating with my IdP. 

If the the authentication flow does not grant you access to Abstract after successfully authenticating with your IdP, send us the SAMLResponse to help troubleshoot your issue.

How to capture the SAMLResponse in the authentication flow

  1. Open Google Chrome.
  2. Sign in to your IdP via their website.
  3. Right-click the page and select Inspect.
  4. Select the Network tab.
  5. In Network tab, select the sub-tab Other.
  6. Select the response on the left matching the URL auth.goabstract.com/saml/response.
  7. Under Headers > Form Data, copy the SAMLResponse parameter.
  8. Go to https://www.samltool.com/decode.php.
  9. Paste the SAMLResponse in the “Deflated and Encoded XML” field. 
  10. Click Decode and Inflate XML.
  11. Select everything in the “Deflated XML” field. This is the SAMLResponse.
  12. Send us an email including this SAMLResponse.

Other

If you’re still having issues with SAML single sign-on, please reach out to us.