...
If the SP cannot correctly parse the SAML response from the IdP, authentication will fail.
The response might be invalid due to errors in the SAML message format or content.
Network and connectivity issues
Connectivity problems between the IdP and SP can prevent the exchange of SAML messages.
Firewalls or proxies blocking SAML traffic can cause authentication failures.
Troubleshooting Steps
Checking the policy service audit logs is an essential first step when troubleshooting authentication failures. These logs often provide detailed information about the authentication process, including errors and warnings that can pinpoint the exact cause of the failure. For thorough troubleshooting, also work through the following steps.
Review logs on both the IdP and SP for error messages and detailed information about the failure.
Ensure that all configuration settings, including URLs, certificates, and attribute mappings, are correct.
Ensure that all servers involved have synchronized clocks.
Verify network connectivity between the IdP and SP.
Confirm that the metadata exchange is current and correctly configured.
Ensure that certificates are valid and properly configured on both ends.
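As an added example (not from the original page or any vendor tooling), this Python script decodes a captured SAMLResponse and reports the rejection causes covered by the steps above: unparseable XML, a non-success status, a Destination that does not match the SP's ACS URL, and a validity window that fails against the SP clock. The endpoint URL, the 3-minute skew tolerance and the sample response are constructed assumptions, and the script does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ACS = "https://sp.example.test/saml/acs"  # constructed SP endpoint (assumption)

def sample_response(not_before, not_on_or_after, destination=ACS):
    """Build a constructed, unsigned, minimal SAMLResponse value for the demo."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><samlp:Status>'
           f'<samlp:StatusCode Value="{SUCCESS}"/></samlp:Status><saml:Assertion>'
           f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}"/>'
           f'</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

def _utc(value):
    # SAML instants are UTC xs:dateTime values such as 2024-05-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(b64_response, expected_acs, now, skew=timedelta(minutes=3)):
    """List reasons an SP would reject this response. Does NOT verify signatures."""
    try:
        root = ET.fromstring(base64.b64decode(b64_response))
    except (ValueError, ET.ParseError) as exc:
        return [f"unparseable response: {exc}"]
    findings = []
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else "missing"
    if status != SUCCESS:
        findings.append(f"IdP status is {status}")
    if root.get("Destination") != expected_acs:
        findings.append(f"Destination mismatch: {root.get('Destination')}")
    cond = root.find("saml:Assertion/saml:Conditions", NS)
    if cond is None:
        return findings + ["no readable Conditions (assertion missing or encrypted)"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if nb and now + skew < _utc(nb):
        findings.append(f"not yet valid: NotBefore is {nb}, check clock sync")
    if noa and now - skew >= _utc(noa):
        findings.append(f"expired: NotOnOrAfter is {noa}, check clock sync")
    return findings

if __name__ == "__main__":
    resp = sample_response("2024-05-01T12:00:00Z", "2024-05-01T12:05:00Z")
    sp_clock = datetime(2024, 5, 1, 11, 50, tzinfo=timezone.utc)  # SP 10 min slow
    print(diagnose(resp, ACS, sp_clock))
```

An empty list means none of these checks explains the failure, which points toward signature, certificate or attribute-mapping problems instead.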
...