SSO setup issues

[Gary@ADL]

Hi Guys - we are trying to configure our SSO to work with O365, 

we have followed the instructions, but are getting an error as below, which looks like its expecting the sso.hornbill.com URL as an identifier, but the 'Patterns' suggestion against the app says nothing about this? if we add in SSO.*** as per the pattern (https://<SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>), it prompts for a sign in, and an MFA prompt, but then gives an error message about the reply URL not matching (3rd picture) 

 

anyone got any ideas please? we are not sure if our identifiers are incorrect? or if something else is amiss - 

 

many thanks 

 

 

 

 

[Gary@ADL]

hi guys - anyone able to shed any light on this one by chance? 

 

thanks 

[TrevorHarris]

Hi @Gary@ADL

Sorry we missed this, we are currently trying to update the documentation with Microsoft as the details there are out of date.
The metadata is available to download in the admin tool under System >  Security > SSO Profiles but I don't think its possible import this in O365, the pattern for the entity Id and Reply Url is as follows.

Entity Id: https://sso.hornbill.com/[INSTANCE NAME]/[STREAM]
Reply Url: https://[API DOMAIN].hornbill.com/[INSTANCE NAME]/xmlmc/sso/saml2/authorize/user/[STREAM]

So for example in your case this would be:
https://sso.hornbill.com/alexanderdennis/live
https://mdh-p01-api.hornbill.com/alexanderdennis/xmlmc/sso/saml2/authorize/user/live

Thanks

Trevor

[Gary@ADL]

hi @TrevorHarris - many thanks for your reply  we tried this and got a little further, but we are now receiving the below error message, if you could assist please - thanks 

 

[TrevorHarris]

Hi

This means the Id your identity provider is sending doesn't match any user Ids in Hornbill, either the user doesn't have an account or the wrong identifier is being sent.  More info about this problem here https://wiki.hornbill.com/index.php?title=Troubleshooting_Single_Sign_On

Thanks

Trevor