This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Layer7 SiteMinder and Single Sign‑On for VMware Tanzu Application Service.

Layer7 SiteMinder Partnership is Inactive

Symptom

You see an error similar to the following screenshot:

The error message reads,
The following error occurred: 403 - Request Forbidden. Transaction ID: d5ddb... failed.

Explanation

The partnership is inactive in Layer7 SiteMinder.

Service Provider Entity ID Misconfigured

Symptom

You see an error similar to the following screenshot:

The error message reads,
HTTP Status 403 - Request Forbidden. Transaction ID: 174f3... failed.
Type: status report. Message: Request Forbidden. Transaction ID: 174f3... failed.
Description: Access to the specified resource has been forbidden.

Explanation

The service provider Entity ID is misconfigured in Layer7 SiteMinder.

Incoming SAML message is invalid

Symptom

You see an error similar to the following screenshot:

The error message reads,
HTTP Status 401 - Authentication failed. Incoming SAML message is invalid.
Type: status report. Message: Authentication failed. Incoming SAML message is invalid.
Description: The request requires HTTP authentication.

Explanation

Possible explanations are as follows:

  • The identity provider Entity ID is misconfigured in Layer7 SiteMinder or in Single Sign‑On.

  • The Name ID Format is misconfigured in Layer7 SiteMinder.

Assertion Consumer Service URL Misconfigured

Symptom

You see an error similar to the following screenshot:

The error message reads,
HTTP Status 401 - Authentication failed. Error determining metadata contacts.
Type: status report. Message: Authentication failed. Error determining metadata contacts.
Description: The request requires HTTP authentication.

Explanation

The service provider Assertion Consumer Service (ACS) is misconfigured in Layer7 SiteMinder.

Audience Field Misconfigured

Symptom

You see an error similar to the following screenshot:

The error message reads,
HTTP Status 401 - Authentication failed. Error validating SAML message.
Type: status report. Message: Authentication failed. Error validating SAML message.
Description: The request requires HTTP authentication.

Explanation

The service provider Audience Field is misconfigured in Layer7 SiteMinder.

Expired Certificate

Symptom

You see an error similar to the following screenshot:

The error message reads,
The following error occurred: 500 - Internal Error occurred while trying to processing
the request. Transaction ID: 276fB...

Explanation

The certificate has expired in Layer7 SiteMinder.

Identity Provider SSO URL Misconfigured

Symptom

You see an error similar to the following screenshot:

The error message reads,
HTTP Status 404 - /affwebservices/public/saml2ss. Type: status report.
Message: /affwebservices/public/saml2ss. Description: The requested resource is not available.

Explanation

The identity provider SSO URL is misconfigured in Single Sign‑On.
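
The following is an added example, not part of the original page or of any VMware or Layer7 product. It is a Python check that compares a decoded SAML response against the values the service provider expects, covering the Entity ID, Name ID Format, ACS URL, and Audience settings named above. The sample response, the host names, the setting names in EXPECTED, and the mapping of each setting to a response element are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded SAML response as an identity provider might post it.
SAMPLE_RESPONSE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.test/saml/SSO/alias/sp.example.test">
  <a:Issuer>https://idp.example.test/wrong-entity</a:Issuer>
  <a:Assertion>
    <a:Issuer>https://idp.example.test/wrong-entity</a:Issuer>
    <a:Subject>
      <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">alice</a:NameID>
    </a:Subject>
    <a:Conditions>
      <a:AudienceRestriction><a:Audience>sp.example.test</a:Audience></a:AudienceRestriction>
    </a:Conditions>
  </a:Assertion>
</p:Response>"""

# Constructed expected values: what the service provider side is set up to accept.
EXPECTED = {
    "idp_entity_id": "https://idp.example.test/entity",
    "acs_url": "https://sp.example.test/saml/SSO/alias/sp.example.test",
    "audience": "sp.example.test",
    "name_id_format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def check_response(xml_text, expected):
    """Return the sorted names of expected settings the response does not match."""
    # Compares configured identifiers only; it does not validate the XML signature.
    root = ET.fromstring(xml_text)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    observed = {
        "idp_entity_id": [root.findtext("a:Issuer", "", NS).strip()],
        "acs_url": [root.get("Destination", "")],
        "audience": audiences,  # a response may list several audiences
        "name_id_format": [name_id.get("Format", "") if name_id is not None else ""],
    }
    return sorted(k for k, want in expected.items() if want not in observed[k])

if __name__ == "__main__":
    print(check_response(SAMPLE_RESPONSE, EXPECTED))
```

Each name in the returned list points to the setting to compare on both sides of the partnership. An empty list means the four identifiers agree.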
