Troubleshooting

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Azure Active Directory (AD) and Pivotal Single Sign‑On.

Failed Login

Symptom:

You cannot log in to your Pivotal Single Sign‑On plan.

Solutions:

  • Pivotal recommends using a different browser or deleting your browser cache and history before you log in to your Pivotal Single Sign‑On plan. Your Pivotal Single Sign‑On plan can fail if you are already logged in to Azure AD as the Global Administrator account that was used to set up all the configurations.

  • If your login fails more than five times, Azure locks your account for 30 minutes. There is currently no way to unlock an account in Azure AD, so wait for the lockout period.

  • Pivotal recommends testing your Pivotal Single Sign‑On plan from Azure AD to see the contents of the SAML assertion. For more information, see Test Your Configurations in Azure AD.

App ID Not Found

Symptom:

Azure app id

Explanations:

  • The App ID URI is misconfigured on Azure AD.

Reply URL Does Not Match

Symptom:

Azure reply url

Explanation:

  • The Reply URL is misconfigured on Azure AD.

Missing Name ID

Symptom:

Azure missing nameid

Explanation: