Troubleshooting SAML: Common Errors with Solutions Provided

  • 23 August 2023

Lucid offers SAML integrations to Enterprise accounts so that admins can easily manage user sign-on using their IDPs. Lucid’s SAML integration allows you to connect Lucid to your IDP so that users on your account can quickly and securely authenticate through your IDP using SAML 2.0.

The purpose of this post is to provide troubleshooting recommendations for common errors that occur when configuring SAML for the first time as a Lucid Admin or authenticating via SAML as a Lucid user. 

Cause of Error: Misconfigured endpoint/value/encryption method (SAML Domain ACS URL)

Entity ID related: 

  • Possible Errors Returned: “Your team is not configured for SAML”, “Misconfigured application”
  • Solution: This error message typically indicates there is a discrepancy between the SAML domain you have populated in the Lucid Admin Panel and the one you have populated for the Lucid SAML app in your IDP. Compare the SAML domain you have configured in the IDP with the value in the Lucid Admin Panel and confirm they match.

ACS/Reply URL related: 

  • Possible Errors Returned: “Invalid SAML response”; only IDP-initiated SAML auth is successful
  • Solution: If all members of your Lucid account are receiving this error, confirm the values you have configured for the ACS and Sign On URLs match our documentation here. If you edit any values in the IDP, you will need to upload your new IDP metadata to Lucid to reflect those changes.

Encryption method/signature algorithm related: 

  • Possible Errors Returned: “Sorry! Our servers experienced an error”, “Response validation error deprecated signature algorithm”
  • Solution: Confirm you are using SHA-256 as your Digest Algorithm/Signature Algorithm and upload a new set of IDP metadata to Lucid if a change was needed in your IDP metadata.
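
As an added example (not Lucid's code or tooling), the Python below checks a decoded SAML response, such as one copied from a browser SAML tracing tool, for the three mismatches described above: ACS URL, entity ID, and a signature or digest algorithm other than SHA-256. The URLs are placeholders, and it assumes the service provider's entity ID appears as the response's Audience; substitute the values from your own configuration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA256_SIGNATURES = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                     "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256"}
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

# Constructed sample: a trimmed, decoded SAML response with placeholder URLs.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  Destination="https://sp.example.com/saml/acs">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sp.example.com/saml/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""


def check_saml_response(xml_text, expected_acs, expected_entity_id):
    """Return a list of findings; an empty list means every check passed."""
    # Inspects declared values only; it does not verify the signature itself.
    root = ET.fromstring(xml_text)
    findings = []
    if root.get("Destination") != expected_acs:
        findings.append(f"ACS mismatch: Destination={root.get('Destination')!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        findings.append(f"Entity ID mismatch: Audience={audiences!r}")
    sig_algs = [e.get("Algorithm") for e in root.iterfind(".//ds:SignatureMethod", NS)]
    if not sig_algs:
        findings.append("Response carries no signature")
    for alg in sig_algs:
        if alg not in SHA256_SIGNATURES:
            findings.append(f"Signature algorithm is not SHA-256: {alg}")
    for e in root.iterfind(".//ds:DigestMethod", NS):
        if e.get("Algorithm") != SHA256_DIGEST:
            findings.append(f"Digest algorithm is not SHA-256: {e.get('Algorithm')}")
    return findings


if __name__ == "__main__":
    print(check_saml_response(SAMPLE, "https://sp.example.com/saml/acs", "https://sp.example.com/saml/metadata"))
```
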

Cause of Error: User not assigned to the Lucid SAML app

  • Possible Errors Returned: “example@fakeemail.com not assigned to a role for the application”, “Invalid SAML response” for individual user
  • Solution: If you are an individual user, or an admin working with an individual user, receiving this error, confirm with your IT team that the user is assigned to the Lucid SAML app in your IDP.