Troubleshooting

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between PLayer7 SiteMinder and Single Sign‑On for VMware Tanzu.

Layer7 SiteMinder Partnership is Inactive

Symptom:

Ca sso inactive

Explanations:

  • The Layer7 SiteMinder is inactive in Layer7 SiteMinder.

Service Provider Entity ID Misconfigured

Symptom:

Ca sso misconfigured entity id

Explanation:

  • The service provider Entity ID is misconfigured in Layer7 SiteMinder.

Incoming SAML message is invalid

Symptom:

Ca sso misconfigured idp entity id

Explanation:

  • The identity provider Entity ID is misconfigured in Layer7 SiteMinder or in Single Sign‑On.

  • The Name ID Format was misconfigured in Layer7 SiteMinder.

Assertion Consumer Service URL Misconfigured

Symptom:

Ca sso acu misconfigured

Explanation:

  • The service provider Assertion Consumer Service (ACS) is misconfigured in Layer7 SiteMinder.

Audience Field Misconfigured

Symptom:

Ca sso audience misconfigured

Explanation:

  • The service provider Audience Field is misconfigured in Layer7 SiteMinder.

Expired Certificate

Symptom:

Ca sso expired cert

Explanation:

  • The certificate has expired in Layer7 SiteMinder.

Identity Provider SSO URL Misconfigured

Symptom:

Ca sso idp url misconfigured

Explanation:

  • The identity provider SSO URL is misconfigured in Single Sign‑On.