VidyoPortal - SAML Troubleshooting

Common Errors: 

1. Invalid XML file – Make sure only one identity is provided in the IdP metadata.
2. Fail to Save IdP Metadata –

In current VidyoPortal release (v3.3.x) IdP metadata is limited to Max 64k, if you have a very long metadata it may be above this limitation and will fail to save. To confirm this is the issue we suggest using a string length calculator to check the metadata length (for example http://string-functions.com/length.aspx ). If it is the issue the metadata can be shorten by removing the returned attributes list.

3. Error validating SAML message – first thing to confirm is that the IdP outgoing claim is set to nameID format.
4. Error Validating SAML message – many times this is related to the way the portal (SP) entityID is configured on the IdP. Confirm with the IdP admin the exact name used for example the portal is set to send “tenant.company.com” and the IdP is configured with Audience of

“https:// tenant.company.com”

5. Error validating SAML message – check the security configuration make sure you test using MetaIOP, if PKIX is a must in your organization please contact support to upload the IdP CA as trusted CA.
6. Error determining metadata contracts – check the IdP entityID, make sure the metadata has the exact name sent by the IdP, for example metadata may have “https://IdPURL” and the IdP is sending back “http://IdPURL”

 Tips: 

1. Use Firefox or Chrome Extensions to via SAML traffic

FF SAML Tracer – https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/

SAML Chrome Panel -  

https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace?

2. For testing Only ask the IdP admin to disable encryption to the Vidyo service, once things are working re-enable encryption. 

3. Due to Browser caching for each configuration change make sure you fully close the browser (and the open plugins), re-open and test again.