IdP-Specific SAML SSO issues

Some problems and workarounds only apply to specific IdPs.

ADFS

Responder error with details mentioning the Scoping element: To fix this problem, select the Include Scoping check box in Advanced Settings. For more information, see Advanced SAML integration settings.

PingFederate

A UAT instance doesn't work in the same browser where a production SSO IDP session existed: This problem is caused by a session cookie handling problem. You can work around it by always creating a new browser session before testing in UAT.

Siteminder

IdP metadata won't save in Jive: OpenSAML has a bug where the validUntil timestamp on the IdP metadata's IDPSSODescriptor is checked incorrectly, and will only pass validation if the timestamp is invalid. The workaround is to remove the IDPSSODescriptor validUntil attribute from the metadata.

AudienceRestriction attribute contains incorrect or multiple entityIDs for Jive instance: This problem occurs when the SP profile name in SiteMinder is not the same as the entityID in Jive, causing a validation error.