This topic tells you how to resolve common errors that arise when configuring a single sign-on partnership between PLayer7 SiteMinder and Single Sign‑On for VMware Tanzu Application Service.

Layer7 SiteMinder Partnership is Inactive

Symptom

You see an error similar to the following screenshot:

Explanation

The Layer7 SiteMinder is inactive in Layer7 SiteMinder.

Service Provider Entity ID Misconfigured

Symptom

You see an error similar to the following screenshot:

Explanation

The service provider Entity ID is misconfigured in Layer7 SiteMinder.

Incoming SAML message is invalid

Symptom

You see an error similar to the following screenshot:

Explanation

Possible explanations are as follows:

• The identity provider Entity ID is misconfigured in Layer7 SiteMinder or in Single Sign‑On.

• The Name ID Format was misconfigured in Layer7 SiteMinder.

Assertion Consumer Service URL Misconfigured

Symptom

You see an error similar to the following screenshot:

Explanation

The service provider Assertion Consumer Service (ACS) is misconfigured in Layer7 SiteMinder.

Audience Field Misconfigured

Symptom

You see an error similar to the following screenshot:

Explanation

The service provider Audience Field is misconfigured in Layer7 SiteMinder.

Expired Certificate

Symptom

You see an error similar to the following screenshot:

Explanation

The certificate has expired in Layer7 SiteMinder.

Identity Provider SSO URL Misconfigured

Symptom

You see an error similar to the following screenshot:

Explanation

The identity provider SSO URL is misconfigured in Single Sign‑On.