If you are having issues with the IdP connection, verify the following:
- Verify that the Address Manager service provider settings and IdP metadata settings are accurate
- Confirm that port 443 has been opened on both Address Manager and the IdP
- Verify that the IdP is functioning normally
- Verify logs/events on the IdP
If you are having issues with the OAuth connection, verify the following:
- Verify the SSO groups sent by the authorization server are the same as the SSO groups created in Address Manager
If you are having login issues when testing the SSO connection, verify the following:
- SSO groups exist in BAM
- SSO groups are mapped to the correct groups on the AD side
- Users exist in Active Directory
- Users have the correct attributes for required access in Address Manager
SSO Logging
Address Manager logs SSO and OAuth events and transactions:
- Address Manager server logs contain SAML response processing and errors, for example, users without a group
- The connection between Address Manager and the IdP has its own logged error state
- The Events Log shows valid/invalid HTTPS access to the IdP
- Increase the log level for debugging
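
To check the group mapping and the "users without a group" case described above, the following added example (not BlueCat code) decodes a captured SAML response and compares the groups it carries with the SSO groups created in Address Manager. The attribute name "groups", the sample group names, the function names and the exact-match comparison are assumptions; use the attribute your IdP actually sends.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def groups_in_response(saml_b64, group_attr):
    """Return (NameID, set of group values) from a base64-encoded SAMLResponse.

    Troubleshooting aid only: it does not verify the signature, so never
    use its output to make an access decision.
    """
    root = ET.fromstring(base64.b64decode(saml_b64))
    user = root.findtext(".//saml:Subject/saml:NameID", default="?", namespaces=NS)
    groups = set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == group_attr:
            for value in attr.iterfind("saml:AttributeValue", NS):
                if value.text and value.text.strip():
                    groups.add(value.text.strip())
    return user, groups

def diagnose(saml_b64, bam_groups, group_attr="groups"):
    """Compare groups sent by the IdP with the SSO groups created in Address Manager."""
    user, sent = groups_in_response(saml_b64, group_attr)
    known = set(bam_groups)
    by_case = {g.lower() for g in known}
    return {
        "user": user,
        "sent": sorted(sent),
        "matched": sorted(sent & known),
        # Sent by the IdP but differing only by case from an Address Manager group.
        "case_mismatch": sorted(g for g in sent - known if g.lower() in by_case),
        "no_group": not sent,  # the "users without a group" case
    }

# Constructed sample response (not captured from a real IdP).
SAMPLE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Subject><saml:NameID>jdoe@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="groups">
    <saml:AttributeValue>dns-admins</saml:AttributeValue>
    <saml:AttributeValue>IPAM-Readers</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>""").decode()

if __name__ == "__main__":
    print(diagnose(SAMPLE, ["DNS-Admins", "IPAM-Readers"]))
```

An empty "matched" list with entries under "case_mismatch" points to a naming difference between the IdP and Address Manager rather than a missing group.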