Coursedog

Submit a Ticket My Tickets
Welcome
Login  Sign up

SSO: General FAQs & Troubleshooting

Table of Contents

FAQs
Troubleshooting
Related Articles

FAQs

How does Single Sign-On (SSO) work? 
What is the Attribute (SAML Field)? Is it the same thing as NameID?
What is the entityID?
Do I have to use Single Log-Out (SLO)?
Who owns/renews the SAML certificate? 

How does Single Sign-On (SSO) work? 

Single Sign-On (SSO) works on the premise that someone else is validating the user and then sharing back with Coursedog to tell us who they are, so we can match them within Coursedog. You can learn more about configuration here.

What is the Attribute (SAML Field)? Is it the same thing as NameID?

The Attribute SAML Field determines what we're comparing against in your institution’s system, either their username (email) or another value like an internal employee ID. This varies by SSO implementation. That's why it's a text field that your school’s IT rep should provide after looking at what is in your SAML response.

What is the entityID?

Do I have to use Single Log-Out (SLO)? 

No. This is an institutional preference. Those with tighter security restrictions may require single log out (SLO). Many don't and would for prefer that ending a Coursedog session not have an impact on other applications.

Who owns/renews the SAML certificate? 

Customers own and renew their own Identity Provider certificates and share those with Coursedog. Coursedog does, however, own Service Provider certificates, and whenever we update that, it’s updated for all schools.

Troubleshooting

Error Doing Validation
Unable to Verify User Identity
SSO Redirect Fails with 404
Incomplete SSO Response
No SSO URL Found

Error Doing Validation

Problem Overview

You attempt to sign into staging.coursedog.com but receive an error message that reads, “Error doing validation: SAML assertion error: Error: SAML Assertion signature check failed! (checked 1 certificate(s))”. 

What it Means

This means your SAML certificate isn’t entered correctly. 

Solution Overview

Check that the certificate is correct.

Solution Detail

  1. Navigate to Admin > Settings > Auth Settings.

  2. Under “SAML Certificate”, ensure the number shown there matches your ds:X509Certificate. This is typically found in your certificate file.

Unable to Verify User Identity

Problem Overview

You receive a message that says, “Unable to verify user identity” AFTER you’ve logged in via your institution and have been re-directed back to Coursedog.


What It Means

  • If you’re using SAML, this typically means that what you input for the Attribute (SAML Field) and User Property (Coursedog Field) doesn’t match up.

  • If you’re using CAS, this could be an issue with Attribute Release Policy. 


SAML Solution

Overview

Determine what it is you are sending back to Coursedog and adjust the user property to match. 


Example

Problem

If you set “Attribute (SAML Field)” as “NameID” and “User Property (Coursedog Field) as “Email”, but your NameID doesn’t contain the user’s email address – but rather their institution ID – that can result in an “Unable to verify user identity” error. 


Solution

In this example, changing the user property to “Institution ID” would fix the issue.

CAS Solution

You might need to define an Attribute Release Policy in your CAS configuration by adding the following text.

 

SSO Redirect Fails with 404

Problem Overview

You enter your email address at Coursedog and are re-directed to your institution’s page only to encounter a 404 error. 

What It Means

This is under investigation but can typically be avoided with the below workaround.

Workaround

Instead of starting with staging.coursedog.com or app.coursedog.com, go directly to the SSO URL, which follows the below format depending on whether you are trying to access staging or production.

Staging

http://staging.coursedog.com/#/login/<schoolid>
Production

http://app.coursedog.com/#/login/<schoolid>

Incomplete SSO Response 

Problem Overview

Everytime you try to log into Coursedog, you receive an error message that reads, “Incomplete SSO response. Please try again. If the issue persists please contact administrator”.

What It Means

You’ll see this error if the incoming response from SAML is incomplete, i.e. if RelayState is missing. RelayState is an object that we send to SSO and expect to come back to us. It contains either your school name or the email address of the user (depending on how they initiated the login flow). If the RelayState doesn’t come back, then we won't be able to process the SAML response.

Solution Overview

  • Contact your institution’s SSO administrator to see why the RelayState has dropped and wait for a fix.

  • While waiting for that fix from your  IT, a temporary workaround would be to switch to password-based authentication at Settings > Users > (Click on User Name to Open Profile).

No SSO URL Found

Problem Overview

You’re using the school-specific link for users to log in via SSO but when users click the log-in button, they see an error message that reads, “No SSO URL Found.”

What It Means

This likely means the URL you are using includes a school ID that doesn’t match the “School Unique ID” configured in your school’s admin panel. 


Solution Overview

  1. Navigate to Admin Panel > Settings. 

  2. Check the “School Unique ID”. 

  3. Compare it to the URL that is being used. 

  4. Update the URL as needed, ensuring it includes the “School Unique ID” (e.g. https://staging.coursedog.com/#/login/peoplesoft_u).

Related Articles

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.