If Multi-SSO is installed, check whether SAML installation exits are inactive


After installing Multi-SSO plugin, check whether SAML installation exits are disabled. Doing so will save you time on troubleshooting. Do a similar check for other scripts that have been customized, such as script includes, business rules, and so on. Update versions to the most current script manually.




After enabling Multi-SSO, some SSO validations might fail if the Multi-SSO installation scripts do not execute first.

There are some exception cases where some SAML* installation exits remain active (incorrectly) after the Multi-SSO plugin is installed, for example, if SAML is already active at the time you activated Multiple Single Sign-On and if you already customized the SAML installation exits.

This could cause the logs to show the following errors:

    WARNING *** WARNING *** Evaluator: org.mozilla.javascript.EcmaError: Cannot convert null to an object.

    Caused by error in Script Include: 'SAML2_update1' at line 35
    32: this.lastGeneratedRequestID = null;
    33: this.inResponseTo = null;
    34: this.logoutFailureEventId = "saml2.logout.validation.failed";
    ==> 35: this.certGR = this.getCertGR();
    37: // Keep SAMLAssertion object for validation
    38: this.SAMLResponseObject = null;


Multi-SSO is replacing the previous SAML installation exits; however, in some cases, the previous SAML installation exits are not disabled.


To resolve the problem, if Multi-SSO is installed correctly, validate that the following installation exits have Active set to False:

  • SAML2Logout
  • SAML2Logout_update1
  • SAML2SingleSignon
  • SAML2SingleSignon_update1

For more information, see the following documentation topics:


Article Information

Last Updated:2017-10-04 06:45:28