If Multi-SSO is installed, check whether SAML installation exits are inactive
Problem
After installing Multi-SSO plugin, check whether SAML installation exits are disabled. Doing so will save you time on troubleshooting. Do a similar check for other scripts that have been customized, such as script includes, business rules, and so on. Update versions to the most current script manually.
Symptoms
After enabling Multi-SSO, some SSO validations might fail if the Multi-SSO installation scripts do not execute first.
There are some exception cases where some SAML* installation exits remain active (incorrectly) after the Multi-SSO plugin is installed, for example, if SAML is already active at the time you activated Multiple Single Sign-On and if you already customized the SAML installation exits.
This could cause the logs to show the following errors:
| WARNING *** WARNING *** Evaluator: org.mozilla.javascript.EcmaError: Cannot convert null to an object. Caused by error in Script Include: 'SAML2_update1' at line 35 32: this.lastGeneratedRequestID = null; 33: this.inResponseTo = null; 34: this.logoutFailureEventId = "saml2.logout.validation.failed"; ==> 35: this.certGR = this.getCertGR(); 36: 37: // Keep SAMLAssertion object for validation 38: this.SAMLResponseObject = null; |
Cause
Multi-SSO is replacing the previous SAML installation exits; however, in some cases, the previous SAML installation exits are not disabled.
Resolution
To resolve the problem, if Multi-SSO is installed correctly, validate that the following installation exits have Active set to False:
- SAML2Logout
- SAML2Logout_update1
- SAML2SingleSignon
- SAML2SingleSignon_update1
For more information, see the following documentation topics: