If Multi-SSO is installed, check whether SAML installation exits are inactive
After installing Multi-SSO plugin, check whether SAML installation exits are disabled. Doing so will save you time on troubleshooting. Do a similar check for other scripts that have been customized, such as script includes, business rules, and so on. Update versions to the most current script manually.
After enabling Multi-SSO, some SSO validations might fail if the Multi-SSO installation scripts do not execute first.
There are some exception cases where some SAML* installation exits remain active (incorrectly) after the Multi-SSO plugin is installed, for example, if SAML is already active at the time you activated Multiple Single Sign-On and if you already customized the SAML installation exits.
This could cause the logs to show the following errors:
Caused by error in Script Include: 'SAML2_update1' at line 35
32: this.lastGeneratedRequestID = null;
33: this.inResponseTo = null;
34: this.logoutFailureEventId = "saml2.logout.validation.failed";
==> 35: this.certGR = this.getCertGR();
37: // Keep SAMLAssertion object for validation
38: this.SAMLResponseObject = null;
Multi-SSO is replacing the previous SAML installation exits; however, in some cases, the previous SAML installation exits are not disabled.
To resolve the problem, if Multi-SSO is installed correctly, validate that the following installation exits have Active set to False:
For more information, see the following documentation topics: