users getting SAML errors when trying to log into the workspace

[Gary@ADL]

hi guys - we are getting a few random users (the problem seems intermittant) who are getting SAML error messages when trying to log into the service portal.

 

ive just got the error message myself when trying to access service portal via IE, (same error after clearing browser settings/history), but it works in edge, and also works in IE through my citrix workspace,

"Authorization failure: The SAML response does not have a status of 'Success', The request could not be performed due to an error on the part of the SAML responder or SAML authority. Your Identity Provider had trouble interpreting or answering the request. Please contact your IdP administrator who should be able to tell you what the problem is"

 

thanks

Gary 

 

[Victor]

31 minutes ago, Gary@ADL said:

Please contact your IdP administrator who should be able to tell you what the problem is

@Gary@ADL did you ask your admins about this?

[Gary@ADL]

hi, yes i did, they did some cursory checks but everything looks ok there end, the logging in process also worked for them, (another issue is this issue seems to be sporadic, just random users at random times), so they suggessted i mention it here to see if anyone had had similar issues and could point us at what to look at,

 

when it fails it seems to bounce between hornbill, our federation server, and a hornbill server (https://mdh-p01-api.hornbill.com/alexanderdennis/xmlmc/sso/saml2/authorize/user/service),  then it finally stops after bouncing maybe 10 times, and we get the previously attached error.

 

we in IT also had intermitent issues getting logged into live, we get the attached error, although it would work if you tried in another browser, and would be working fine for some users while other users totally unable to get in,

 

thanks 

 

[Gary@ADL]

any ideas on this guys? we are getting users with this error again? are we able to confirm that all services look good on hornbills end? -  i have checked the hornbill status checker and its reporting no errors,

 

thanks 

[Victor]

@Gary@ADL

Your instance is working fine. That specific error (failed to lookup instance) is part of the authentication mechanism, where the HB front end code is communication with HB servers to do checks regarding the instance. This particular step fails (based on error) and one of the causes can be that the user browser could not communicate with HB. Based on the fact that our monitoring tools show no issue with your instance and this issue is only happening for some users and that it might be related to a certain browser (possibly IE) I can only say there is some configuration for these users (on your environment and/or user machine/browser) that occasionally prevents the comm with HB.

[Gary@ADL]

thanks @Victor