SAML doesn't work: possible solutions
Manuals
Integrating with Azure
Problems and solutions
Symptom: You see an error like Application with identifier 'https://www.jitbit.com/web-helpdesk/' was not found in the directory in Azure (may be different for other providers)
Solution: Make sure that your EntityID setting (can also be called Identifier or something else) in the SAML provider is "httpS://www.jitbit.com/web-helpdesk/", not "http://www.jitbit.com/web-helpdesk/" (note the "s" in "https")
In Azure this settings might be hidden under "Show advanced URL settings". Please see the screenshot
If you keep getting a similar error message despite the correct settings – If you have a custom domain name, e.g. yourhelpdesk.yourcompany.com, please make sure that your SAML settings reflect that domain name and not your original third-level domain name yourhelpdesk.jitbit.com.
Symptom: Sometimes you get this error from Azure AD:
Additional technical information:
Correlation ID: be7c7a8c-e177-4ea1-8dad-4892d58ec347
Timestamp: 2017-06-26 18:01:00Z
AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 1904627f-7cc7-4d01-8ef1-71cad7efbecd. Resource value from request: . Resource app ID: 00000002-0000-0000-c000-000000000000. List of valid resources from app registration:
Solution: here's the workaround provided from one of our customers:
"Just to let you know, we had to delete and recreate the application connection in Azure AD to get it working. We tried editing the Entity ID first but that didn’t fix it so we deleted it and recreated it using the addition info provided and now it’s working again."
Also make sure you're accessing the helpdesk app via HTTPS, because Azure (and other providers) might get in trouble redirecting you back to a non-secure URLs
Integrating with Azure
Problems and solutions
Symptom: You see an error like Application with identifier 'https://www.jitbit.com/web-helpdesk/' was not found in the directory in Azure (may be different for other providers)
Solution: Make sure that your EntityID setting (can also be called Identifier or something else) in the SAML provider is "httpS://www.jitbit.com/web-helpdesk/", not "http://www.jitbit.com/web-helpdesk/" (note the "s" in "https")
In Azure this settings might be hidden under "Show advanced URL settings". Please see the screenshot
If you keep getting a similar error message despite the correct settings – If you have a custom domain name, e.g. yourhelpdesk.yourcompany.com, please make sure that your SAML settings reflect that domain name and not your original third-level domain name yourhelpdesk.jitbit.com.
Symptom: Sometimes you get this error from Azure AD:
Additional technical information:
Correlation ID: be7c7a8c-e177-4ea1-8dad-4892d58ec347
Timestamp: 2017-06-26 18:01:00Z
AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 1904627f-7cc7-4d01-8ef1-71cad7efbecd. Resource value from request: . Resource app ID: 00000002-0000-0000-c000-000000000000. List of valid resources from app registration:
Solution: here's the workaround provided from one of our customers:
"Just to let you know, we had to delete and recreate the application connection in Azure AD to get it working. We tried editing the Entity ID first but that didn’t fix it so we deleted it and recreated it using the addition info provided and now it’s working again."
Also make sure you're accessing the helpdesk app via HTTPS, because Azure (and other providers) might get in trouble redirecting you back to a non-secure URLs