Troubleshooting

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.

Page last updated:

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between PLayer7 SiteMinder and Single Sign‑On for VMware Tanzu Application Service.

Layer7 SiteMinder Partnership is Inactive

Symptom:

The error message reads,
The following error occurred: 403 - Request Forbidden. Transaction ID: d5ddb... failed.

Explanations:

  • The Layer7 SiteMinder is inactive in Layer7 SiteMinder.

Service Provider Entity ID Misconfigured

Symptom:

The error message reads,
HTTP Status 403 - Request Forbidden. Transaction ID: 174f3... failed.
Type: status report. Message: Request Forbidden. Transaction ID: 174f3... failed.
Description: Access to the specified resource has been forbidden.

Explanation:

  • The service provider Entity ID is misconfigured in Layer7 SiteMinder.

Incoming SAML message is invalid

Symptom:

The error message reads,
HTTP Status 401 - Authentication failed. Incoming SAML message is invalid.
Type: status report. Message: Authentication failed. Incoming SAML message is invalid.
Description: The request requires HTTP authentication.

Explanation:

  • The identity provider Entity ID is misconfigured in Layer7 SiteMinder or in Single Sign‑On.

  • The Name ID Format was misconfigured in Layer7 SiteMinder.

Assertion Consumer Service URL Misconfigured

Symptom:

The error message reads,
HTTP Status 401 - Authentication failed. Error determining metadata contacts.
Type: status report. Message: Authentication failed. Error determining metadata contacts.
Description: The request requires HTTP authentication.

Explanation:

  • The service provider Assertion Consumer Service (ACS) is misconfigured in Layer7 SiteMinder.

Audience Field Misconfigured

Symptom:

The error message reads,
HTTP Status 401 - Authentication failed. Error validating SAML message.
Type: status report. Message: Authentication failed. Error validating SAML message.
Description: The request requires HTTP authentication.

Explanation:

  • The service provider Audience Field is misconfigured in Layer7 SiteMinder.

Expired Certificate

Symptom:

The error message reads,
The following error occurred: 500 - Internal Error occurred while trying to processing
the request. Transaction ID: 276fB...

Explanation:

  • The certificate has expired in Layer7 SiteMinder.

Identity Provider SSO URL Misconfigured

Symptom:

The error message reads,
HTTP Status 404 - /affwebservices/public/saml2ss. Type: status report.
Message: /affwebservices/public/saml2ss. Description: The requested resource is not available.

Explanation:

  • The identity provider SSO URL is misconfigured in Single Sign‑On.