Table of Contents
How does Single Sign-On (SSO) work?
Single Sign-On (SSO) works on the premise that someone else is validating the user and then sharing back with Coursedog to tell us who they are, so we can match them within Coursedog. You can learn more about configuration here.
What is the Attribute (SAML Field)? Is it the same thing as NameID?
The Attribute SAML Field determines what we're comparing against in your institution’s system, either their username (email) or another value like an internal employee ID. This varies by SSO implementation. That's why it's a text field that your school’s IT rep should provide after looking at what is in your SAML response.
What is the entityID?
For staging, entityID="https://staging.coursedog.com/metadata.xml".
For production, entityID="https://app.coursedog.com/metadata.xml".
Do I have to use Single Log-Out (SLO)?
No. This is an institutional preference. Those with tighter security restrictions may require single log out (SLO). Many don't and would for prefer that ending a Coursedog session not have an impact on other applications.
Error Doing Validation
You attempt to sign into staging.coursedog.com but receive an error message that reads, “Error doing validation: SAML assertion error: Error: SAML Assertion signature check failed! (checked 1 certificate(s))”.
What it Means
This means your SAML certificate isn’t entered correctly.
Check that the certificate is correct.
Navigate to Admin > Settings > Auth Settings.
Under “SAML Certificate”, ensure the number shown there matches your ds:X509Certificate. This is typically found in your certificate file.
Unable to Verify User Identity
You receive a message that says, “Unable to verify user identity” AFTER you’ve logged in via your institution and have been re-directed back to Coursedog.
What It Means
This typically means that what you input for the Attribute (SAML Field) and User Property (Coursedog Field) doesn’t match up.
Determine what it is you are sending back to Coursedog and adjust the user property to match.
If you set “Attribute (SAML Field)” as “NameID” and “User Property (Coursedog Field) as “Email”, but your NameID doesn’t contain the user’s email address – but rather their institution ID – that can result in an “Unable to verify user identity” error.
In this example, changing the user property to “Institution ID” would fix the issue.
SSO Redirect Fails with 404
You enter your email address at Coursedog and are re-directed to your institution’s page only to encounter a 404 error.
What It Means
This is under investigation but can typically be avoided with the below workaround.
Instead of starting with staging.coursedog.com or app.coursedog.com, go directly to the SSO URL, which follows the below format depending on whether you are trying to access staging or production.
Incomplete SSO Response
Everytime you try to log into Coursedog, you receive an error message that reads, “Incomplete SSO response. Please try again. If the issue persists please contact administrator”.
What It Means
You’ll see this error if the incoming response from SAML is incomplete, i.e. if RelayState is missing. RelayState is an object that we send to SSO and expect to come back to us. It contains either your school name or the email address of the user (depending on how they initiated the login flow). If the RelayState doesn’t come back, then we won't be able to process the SAML response.
Contact your institution’s SSO administrator to see why the RelayState has dropped and wait for a fix.
While waiting for that fix from your IT, a temporary workaround would be to switch to password-based authentication at Settings > Users > (Click on User Name to Open Profile).