Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2386
Views
1
Helpful
2
Replies

Salesforce SSO Issues

yramt
Level 1
Level 1

‎10-26-2017 11:51 AM

TL; DR: I’ve been having issues after Winter 18 and am wondering if Duo recommends switching “Service Provider Initiated Request Binding” from HTTP Redirect to “HTTP Post” in Salesforce’s SSO settings as noted here in the Salesforce community by another user. This conflicts with their setup instructions here.

We’ve been using Duo for SSO for a while; I’ve always had to login to my org before I could use my Salesforce login to access connected apps, the community, etc. Kind of annoying, but workable. If users don’t do things in this order, we get a 404 error. (this applies to connected apps, etc.)

I started noticing problems after Salesforce’s Winter release. I had issues logging into my ETL tool and finally had to uncheck our saved custom domain to get in. Our vendor uses OKTA and couldn’t reproduc the issue. The found the link above and suggested I give this change a shot. I’m looking for advice whether I should since it doesn’t follow the Salesforce SSO setup instructions on the Duo site.

I’ve also had issues opening community links and receiving the 404 error while I was already logged into my production org. The only way to get back in is to refresh my org browser page, which if I’m remote will trigger 2FA once I send the push, I can usually open community links once again.

Labels:
0 Helpful
2 Replies 2

jamieis
Cisco Employee
Cisco Employee

‎10-26-2017 02:56 PM

Hey there @yramt,

My name is Jamie, and I work on the team that does SSO for Duo.

I’m sorry to hear that you’re having problems with SalesForce and the Duo Access Gateway.

I was unable to reproduce the issue but would you be able to send an e-mail to support@duo.com with the details you summarized here so we can track it with a ticket for you? You can tell them to pull in Jamie on the ticket. They may also ask you to provide some logs from your Duo Access Gateway and SalesForce during the times that authentication issues occurred.

Because this also seems to be an issue that popped up after a SalesForce release and it doesn’t look like you’re the only one having problems, I’d recommend contacting SalesForce about this issue as well so we can attack this from both sides.

Thanks,

Jamie

ajay_rawat
Level 1
Level 1

‎06-16-2023 03:46 AM

If you’re experiencing Salesforce Single Sign-On (SSO) issues, there are a few potential causes and troubleshooting steps you can try:

  1. Check SSO Configuration: Ensure that the SSO configuration in Salesforce is set up correctly. Verify that the Identity Provider (IdP) settings, such as the issuer URL, entity ID, and certificate, are accurate. Review the SAML settings and make sure they align with the requirements of your IdP.
  2. IdP Configuration: Double-check the configuration of your Identity Provider. Ensure that the SSO settings in your IdP match the SAML settings in Salesforce. Verify that the necessary attributes (e.g., username, email) are being passed correctly from the IdP to Salesforce.
  3. Certificate Validity: Examine the validity of the certificate used for SSO. If the certificate has expired or is no longer trusted, it can cause authentication issues. Renew or update the certificate as needed and ensure that both Salesforce and the IdP have the correct and up-to-date certificates.
  4. SSO Test and Debugging: Use SSO testing and debugging tools to troubleshoot the issue. Salesforce provides the SAML Single Sign-On Validator tool, which helps validate your SSO configuration and identifies any errors or misconfigurations.
  5. Debug Logs and Error Messages: Analyze the debug logs and error messages generated during the SSO process. These logs can provide valuable information about the cause of the issue. Look for any specific error codes or messages that can guide you towards a solution.
  6. Network and Firewall Issues: Check if there are any network or firewall settings that might be blocking the SSO communication between Salesforce and your IdP. Ensure that the necessary ports and protocols are open and accessible.
  7. Contact Support: If you’ve exhausted all troubleshooting steps and are still facing issues, reach out to Salesforce support or your IdP’s support team for further assistance. Provide them with relevant details, such as error messages, logs, and any recent changes made to your SSO configuration.

please visit the site: https://360degreecloud.com/

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents