Unable to connect after refresh from Prod with SAML

Article ID: 218604

Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

  • We are using SSO (SAML) on all our lower environments, which we refresh from Production. 
  • After refreshing Prod data down to our Train environment we are getting 500 errors after going through SSO auth. If SSO is disabled it works.
  • What is the recommendation on what we have to do every time we restore a backup from Prod to make sure SAML works as well? 

Environment

Release : Any 

Component : CA PPM SECURITY INTEGRATION

Cause

After the refresh, the Production SAML configuration entries are still in the database. They cause a mismatch that prevents SSO/SAML from connecting.

Resolution

Please add this to your steps post-refresh on lower environments with SAML enabled:

  1. Once you do the refresh, connect to CSA.
  2. Disable Single Sign On.
  3. Use the REST API in Postman to remove the SAML Configs and Certs entries from this database.
    • If on 15.9.1+, you can also use Modern UX - Administration - Authentication & Keys - Certificates, and SAML Configurations.
    • All the old entries should be deleted.
  4. Once they are all removed, import the metadata file for this specific lower environment via the REST API or the Modern UX UI.
  5. Enable Single Sign On (SSO) in CSA again and test. A restart should not be necessary.

This should avoid any such mismatch issues in future when you restore a backup from Prod.
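
Step 4 only helps if the metadata file being imported belongs to this lower environment and not to Production. The following is an added example, not Broadcom's code: it summarizes a standard SAML 2.0 metadata file (entityID, SSO endpoints, signing certificate fingerprints) and lists the fields that differ between two files. The function names are hypothetical, and the sample metadata, URLs and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize_metadata(xml_text):
    """Return entityID, SSO endpoints and signing-cert SHA-256 fingerprints."""
    root = ET.fromstring(xml_text)  # parse only metadata obtained from your own IdP
    # Metadata is either a bare EntityDescriptor or wrapped in EntitiesDescriptor.
    entity = root if root.tag.endswith("}EntityDescriptor") else root.find("md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    sso = sorted(e.get("Location") for e in entity.iterfind(".//md:SingleSignOnService", NS))
    certs = set()
    for kd in entity.iterfind(".//md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((c.text or "").split()))
                certs.add(hashlib.sha256(der).hexdigest())
    return {"entity_id": entity.get("entityID"), "sso": sso, "certs": sorted(certs)}

def diff_metadata(expected_xml, found_xml):
    """List the summary fields where found_xml differs from expected_xml."""
    a, b = summarize_metadata(expected_xml), summarize_metadata(found_xml)
    return [k for k in ("entity_id", "sso", "certs") if a[k] != b[k]]

def sample(entity_id, sso_url, cert_bytes):
    """Build constructed metadata; cert_bytes stands in for a DER certificate."""
    cert = base64.b64encode(cert_bytes).decode()
    return (
        f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" entityID="{entity_id}">'
        '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
        f'<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}'
        '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" '
        f'Location="{sso_url}"/></md:IDPSSODescriptor></md:EntityDescriptor>'
    )

# Constructed sample data: one metadata document per environment.
PROD = sample("https://idp.example.com/prod", "https://idp.example.com/prod/sso", b"constructed prod cert")
TRAIN = sample("https://idp.example.com/train", "https://idp.example.com/train/sso", b"constructed train cert")

if __name__ == "__main__":
    # A non-empty list means the file in hand is not the one expected for this environment.
    print(diff_metadata(TRAIN, PROD))
```

An empty list from `diff_metadata` means the two files describe the same entity, endpoints and signing certificates.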