Single Sign-On (SSO) with Browser Extension Rollout can be a powerful way to enhance security and streamline access to various applications for users.
However, like any technology implementation, it can come with its own set of challenges.
General advice
Please make sure that all the data you implement is correct and has the right syntax.
Here are some common issues that organizations may encounter when using SSO with browser extensions:
Error Messages
After visiting
https://sso-saml.userlane.com/c/USERLANE-COMPANY-ID/authenticate
Invalid CompanyID |
|
Invalid Signature |
|
Error status Code 500 |
|
PEM_read_bio_PUBKEY failed |
|
Outdated certification |
|
Invalid certificate format |
|
422 |
|
If the link opens the login page of your IDP and shows no error but you are still not authenticated (no Company User shown in the Userlane Portal), check the Entry Point URL, it usually should contain the word "SAML". Check the XML file for the right entry point URL.
Extension shows "Userlane not running"
Review setup
Make sure companyID, integrityToken and region are set up correctly for respective browser and use the right syntax.
Allow 3rd party cookies
Some browsers block 3rd party cookies by default, including the ones coming from Userlane. This will block some of the Userlane elements. You can check if this is the case by allowing all cookies in your browser settings (only for the sake of testing). If this has solved the problem, you can put your app's and Userlane's domain ([*.]userlane.com) in your browser's "3rd party cookie allowed list" and switch the main cookie setting back to default. You may need to ask your colleagues in IT for help.
Deactivate any Adblockers
Some adblockers can prevent any cookies collection. Allow Userlane for your adblocker or deactivate it.
Make sure that your segmentation is set up
Make sure that the user profile you use in your application matches these segmentation settings and the user is supposed to see content.
Content Security Policy
Should you have chosen Iframe as SSO Window Mode, it could be that your Content Security Policy does not support Iframes. In this case, please try using Inactive Tab as alternative SSO Window Mode.
Separate window opens asking to log in again and does not close automatically
Security Software blocks content or User is not connected to company's network.