What are the steps that need to be checked if SAML authentication is not working?

Open [SapphireIMS Installed Path]/WebManagement/standalone/log/Server.log in a text editor and check for the error messages below; each is followed by the steps to resolve it.

  1. Response issue time is either too old or with date in the future
    Solution: Change the clock skew value in Identity provider configuration

  2. NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration
    Solution: Change the Outgoing claim type to Name ID on the AD FS server/IDP server

  3. Signature validation failed
    Solution:
    a. Open the federationmetadata.xml in a browser
    b. Copy the Base64 certificate content (the X509Certificate value of the IDP signing certificate) into a file named, for example, "signingkey.cer"
    c. Open the signingkey.cer file (the file created in the previous step)
    d. Navigate to the Details tab and click "Copy to File" to export the certificate
    e. Open the file exported in step d with a text editor
    f. Copy the content and paste it into the identity provider configuration
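
Step 3 lifts the signing certificate out of federationmetadata.xml by hand. The script below is an added example, not SapphireIMS code: it parses the metadata, keeps only the signing KeyDescriptor under IDPSSODescriptor (skipping the encryption certificate, which would also fail signature validation if pasted by mistake), and writes the certificate in the PEM form that the "Copy to File" export produces. The sample metadata, its entity ID and the script file name are constructed assumptions.

```python
import base64
import sys
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}


def signing_certificates(metadata_xml: str) -> list[str]:
    """Return the IdP signing certificate(s) in SAML metadata as PEM text.
    A KeyDescriptor without a 'use' attribute serves both purposes, so it is kept;
    whitespace inside <X509Certificate> is stripped, then re-wrapped at 64 cols."""
    root = ET.fromstring(metadata_xml)
    pems = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only certificate: not what the SP verifies with
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            b64 = "".join((cert.text or "").split())
            base64.b64decode(b64, validate=True)  # reject a mangled copy early
            body = "\n".join(textwrap.wrap(b64, 64))
            pems.append(f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n")
    return pems


def pem_to_der(pem: str) -> bytes:
    """Decode one PEM certificate back to DER bytes, e.g. to compare fingerprints."""
    body = [ln for ln in pem.splitlines() if not ln.startswith("-----")]
    return base64.b64decode("".join(body), validate=True)


# Constructed sample shaped like AD FS federationmetadata.xml, trimmed to the parts
# used here. The certificate bodies are placeholder bytes, not real keys.
_FAKE_SIGNING = base64.b64encode(b"SIGNING-CERT-PLACEHOLDER").decode()
_FAKE_ENCRYPTION = base64.b64encode(b"ENCRYPTION-CERT-PLACEHOLDER").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{_FAKE_ENCRYPTION}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>
        {_FAKE_SIGNING}
      </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    # Usage (assumed file name): python extract_signing_cert.py federationmetadata.xml > signingkey.cer
    xml_text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_METADATA
    sys.stdout.write("".join(signing_certificates(xml_text)))
```

Compare the output against the certificate already configured in SapphireIMS; a mismatch (for example after an AD FS certificate rollover) is the usual cause of this error.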

  4. InResponseToField of the Response doesn't correspond to sent message

    Solution I: Check whether the SameSite cookie attribute is enabled in the SapphireIMS application; if it is, remove the SameSite cookie configuration and restart the SapphireIMS service

    Solution II: If the SameSite cookie attribute is enabled, change its value to "None;Secure"

    Reference Links:
    a. cookies - SameSite attribute break SAML flow - Stack Overflow
    b. FAQ: How Chrome 80 Update for "SameSite by default" Potentially Impacts Your Okta Environment