SAML errors can be generic and can require splunk to access our backend logs.
Error: HTTP 405
Error: SAML Assertion Failure
Find the SAML DebugID by going to another tab when attempting the SAMLogin.
https://app.elastica.net/static/ng/appLogin/index.html#/debug
Search splunk by the debugID example: eddf456f-0951-559b-c534-8731e01d1c9
func=xmlSecEncCtxEncDataNodeRead:file=xmlenc.c:line=957:obj=unknown:subj=unknown:error=45:key is not found: func=xmlSecEncCtxDecryptToBuffer:file=xmlenc.c:line=715:obj=unknown:subj=xmlSecEncCtxEncDataNodeRead:error=1:xmlsec library function failed: func=xmlSecEncCtxDecrypt:file=xmlenc.c:line=623:obj=unknown:subj=xmlSecEncCtxDecryptToBuffer:error=1:xmlsec library function failed: Error: failed to decrypt file
Error: 450:key is not found
Error: failed to decrypt.
The error above would suggest that the SAML response is not encryted with our certificate. Elastica needs to decrypt it with our private key.
Elastica meta-data contains the certificate and needs to be imported and selected within the IDP.
Error: Exception thrown while processing SAML response.
IDP is expecting signed auth request and CloudSOC is not configured with "Signed Request" flag= TRUE.
In CloudSOC Settings | SSO | Advanced Settings check the box for signed request.