This article summarizes commonly seen errors that can occur due to misconfigurations in single sign-on (SSO). Resolving them may require changes in both Teamtailor and the customer's Identity Provider (IdP) (Azure AD, Google, Active Directory, Okta, etc.).
The errors can be displayed on the login page for individual users or on the Security → SSO page. The types of errors are the following:
Invalid Signature on SAML Response
Invalid Audience
Error: Invalid Signature on SAML Response
Description: This error indicates that the cryptographic signature of the SAML response from the IdP does not match the certificate stored in Teamtailor.
Resolution: Create a new certificate in your IdP and upload the new certificate to Teamtailor.
Error: Invalid Audience
Full error message
Invalid Audience. The audience <value received from customer>, did not match the expected audience https://tt.teamtailor.com/auth/sso/<customer_teamtailor_id>/metadata
Description: This error is shown if the customer has entered the wrong information in the Entity ID field in their IdP.
Resolution: Update or change the Entity ID in your IdP.
The value in Entity ID should be in the form https://tt.teamtailor.com/auth/sso/<customer-unique-key>/metadata
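
A small diagnostic for both errors above, as an added example that is not Teamtailor's code: it decodes a captured SAMLResponse (HTTP-POST binding, base64) and compares the Audience and the embedded signing certificate with the values the service provider expects. The function names, the EXAMPLE-KEY placeholder and the sample data are constructed, and it assumes the IdP embeds its certificate in the signature's KeyInfo.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(cert_b64):
    """SHA-256 over the decoded bytes of a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()

def diagnose(saml_response_b64, expected_audience, stored_cert_b64):
    """Compare a captured SAMLResponse with what the SP expects.
    Does not verify the XML signature; it only explains the two errors."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    findings = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        findings.append(f"audience mismatch: got {audiences}, expected {expected_audience}")
    certs = {fingerprint(c.text) for c in root.iterfind(".//ds:X509Certificate", NS) if c.text}
    if not certs:
        findings.append("no embedded certificate to compare")
    elif fingerprint(stored_cert_b64) not in certs:
        findings.append("signing certificate differs from the stored certificate")
    return findings

# Constructed sample data: placeholder bytes stand in for real DER certificates,
# and EXAMPLE-KEY is a placeholder for the customer's unique key.
OLD_CERT = base64.b64encode(b"constructed-old-cert").decode()
NEW_CERT = base64.b64encode(b"constructed-new-cert").decode()
EXPECTED = "https://tt.teamtailor.com/auth/sso/EXAMPLE-KEY/metadata"

def sample_response(audience, cert_b64):
    """Build a minimal, unsigned, constructed SAML response (base64)."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert_b64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = sample_response("https://tt.teamtailor.com", NEW_CERT)
    for line in diagnose(bad, EXPECTED, OLD_CERT):
        print(line)
```

An empty result means the Audience and certificate match the expected values; a signature error that persists after that needs full XML signature validation, which this check does not perform.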