FAQs
How long does it take for SSO changes to be applied?
It can take 15 minutes for changes to SSO configurations to be applied.
How does Single Sign-On (SSO) work?
Single Sign-On (SSO) works on the premise that someone else (your institution's identity provider) validates the user and then tells Coursedog who they are, so we can match them to a user within Coursedog. You can learn more about configuration here.
What is the Attribute (SAML Field)? Is it the same thing as NameID?
The Attribute (SAML Field) determines which value from your institution’s system we compare against: either the user's username (email) or another value, like an internal employee ID. This varies by SSO implementation, which is why it's a text field whose value your school’s IT rep should provide after looking at what is in your SAML response.
What is the entityID?
For staging, entityID="https://staging.coursedog.com/metadata.xml".
For production, entityID="https://app.coursedog.com/metadata.xml".
Do I have to use Single Log-Out (SLO)?
No. This is an institutional preference. Those with tighter security restrictions may require Single Log-Out (SLO). Many don't and would prefer that ending a Coursedog session not have an impact on other applications.
Who owns/renews the SAML certificate?
Customers own and renew their own Identity Provider certificates and share those with Coursedog. Coursedog does, however, own the Service Provider certificates, and whenever we update one, it’s updated for all schools.
Troubleshooting
Error Doing Validation
Problem Overview
You attempt to sign into staging.coursedog.com but receive an error message that reads, “Error doing validation: SAML assertion error: Error: SAML Assertion signature check failed! (checked 1 certificate(s))”.
What It Means
This means the SAML certificate entered in Coursedog isn’t correct, so the signature on the SAML assertion can’t be verified against it.
Solution Overview
Check that the certificate is correct.
Solution Detail
Navigate to Admin > Settings > Auth Settings.
Under “SAML Certificate”, ensure the number shown there matches your ds:X509Certificate. This is typically found in your certificate file.
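One way to make the comparison in the step above without eyeballing long base64 strings, as an added example (not Coursedog's own code): it normalises the value pasted into “SAML Certificate” and every ds:X509Certificate in your IdP metadata, then compares SHA-256 fingerprints. The metadata, the entityID idp.example.edu and the placeholder certificate bytes are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def cert_der(text: str) -> bytes:
    """Decode a certificate pasted as PEM or bare base64, ignoring line breaks."""
    lines = [ln.strip() for ln in text.splitlines()]
    b64 = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return base64.b64decode("".join(b64.split()), validate=True)

def fingerprint(der: bytes) -> str:
    return hashlib.sha256(der).hexdigest()

def metadata_fingerprints(metadata_xml: str) -> list[str]:
    """SHA-256 fingerprint of every ds:X509Certificate in the IdP metadata."""
    root = ET.fromstring(metadata_xml)
    return [fingerprint(cert_der(el.text or ""))
            for el in root.iter(f"{{{DS_NS}}}X509Certificate")]

def configured_cert_in_metadata(configured: str, metadata_xml: str) -> bool:
    """True if the configured certificate is one the IdP metadata publishes."""
    return fingerprint(cert_der(configured)) in metadata_fingerprints(metadata_xml)

# Constructed sample data: placeholder bytes stand in for real certificates.
OLD_B64 = base64.b64encode(b"constructed placeholder: retired signing cert").decode()
NEW_B64 = base64.b64encode(b"constructed placeholder: current signing cert").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="{DS_NS}" entityID="https://idp.example.edu/idp">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {NEW_B64[:20]}
        {NEW_B64[20:]}
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    pasted = f"-----BEGIN CERTIFICATE-----\n{NEW_B64}\n-----END CERTIFICATE-----"
    print("configured:", fingerprint(cert_der(pasted)))
    print("metadata:  ", metadata_fingerprints(SAMPLE_METADATA))
    print("current cert matches:", configured_cert_in_metadata(pasted, SAMPLE_METADATA))
    print("retired cert matches:", configured_cert_in_metadata(OLD_B64, SAMPLE_METADATA))
```

A mismatch here after the IdP has renewed its certificate means the value in Auth Settings is the retired one and needs to be replaced.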
Unable to Verify User Identity
Problem Overview
You receive a message that says, “Unable to verify user identity” AFTER you’ve logged in via your institution and have been re-directed back to Coursedog.
What It Means
If you’re using SAML, this typically means that what you input for the Attribute (SAML Field) and User Property (Coursedog Field) doesn’t match up.
If you’re using CAS, this could be an issue with Attribute Release Policy.
SAML Solution
Overview
Determine what it is you are sending back to Coursedog and adjust the user property to match.
Example
Problem
If you set “Attribute (SAML Field)” to “NameID” and “User Property (Coursedog Field)” to “Email”, but your NameID contains the user’s institution ID rather than their email address, that can result in an “Unable to verify user identity” error.
Solution
In this example, changing the user property to “Institution ID” would fix the issue.
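To determine what is actually being sent back, as an added example (not Coursedog's own code): the script below decodes a base64 SAMLResponse captured from your own login POST, lists the NameID and each released attribute, and reports which fields carry a given value. The response, the attribute names mail and employeeNumber, the user values and the function names are constructed, and the sample is trimmed and unsigned.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def released_values(saml_response_b64: str) -> dict[str, list[str]]:
    """Map 'NameID' and each Attribute Name to the values the IdP released.
    Inspection only: no signature is verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    out: dict[str, list[str]] = {}
    for name_id in root.iter(SAML + "NameID"):
        out.setdefault("NameID", []).append((name_id.text or "").strip())
    for attr in root.iter(SAML + "Attribute"):
        vals = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        out.setdefault(attr.get("Name", ""), []).extend(vals)
    return out

def fields_matching(values: dict[str, list[str]], expected: str) -> list[str]:
    """SAML fields whose value equals the one stored on the Coursedog user."""
    want = expected.strip()
    return [field for field, vals in values.items() if want in vals]

# Constructed, trimmed sample: NameID carries an institution ID, not an email.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>E0012345</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="mail">
        <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="employeeNumber">
        <saml:AttributeValue>E0012345</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    values = released_values(SAMPLE_RESPONSE_B64)
    for field, vals in values.items():
        print(f"{field}: {vals}")
    print("carries the email:         ", fields_matching(values, "jdoe@example.edu"))
    print("carries the institution ID:", fields_matching(values, "E0012345"))
```

With this sample, NameID matches only the institution ID, so pairing it with the “Email” user property fails in the way described above.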
CAS Solution
You might need to define an Attribute Release Policy in your CAS configuration by adding the following text.
SSO Redirect Fails with 404
Problem Overview
You enter your email address at Coursedog and are re-directed to your institution’s page only to encounter a 404 error.
What It Means
This is under investigation but can typically be avoided with the below workaround.
Workaround
Instead of starting with staging.coursedog.com or app.coursedog.com, go directly to the SSO URL, which follows the below format depending on whether you are trying to access staging or production.
Staging
http://staging.coursedog.com/#/login/<schoolid>
Production
http://app.coursedog.com/#/login/<schoolid>
Incomplete SSO Response
Problem Overview
Every time you try to log into Coursedog, you receive an error message that reads, “Incomplete SSO response. Please try again. If the issue persists please contact administrator”.
What It Means
You’ll see this error if the incoming response from SAML is incomplete, i.e. if RelayState is missing. RelayState is an object that we send to SSO and expect to come back to us. It contains either your school name or the email address of the user (depending on how they initiated the login flow). If the RelayState doesn’t come back, then we won't be able to process the SAML response.
Solution Overview
Contact your institution’s SSO administrator to see why the RelayState has dropped and wait for a fix.
While waiting for that fix from your IT team, a temporary workaround is to switch to password-based authentication at Settings > Users > (Click on User Name to Open Profile).
No SSO URL Found
Problem Overview
You’re using the school-specific link for users to log in via SSO but when users click the log-in button, they see an error message that reads, “No SSO URL Found.”
What It Means
This likely means the URL you are using includes a school ID that doesn’t match the “School Unique ID” configured in your school’s admin panel.
Solution Overview
Navigate to Admin Panel > Settings.
Check the “School Unique ID”.
Compare it to the URL that is being used.
Update the URL as needed, ensuring it includes the “School Unique ID” (e.g. https://staging.coursedog.com/#/login/peoplesoft_u).