If you are having trouble accessing your Dude Solutions account using single sign-on through ConnectAuthenticate, you can use the following information to help troubleshoot the issue. *Note: This page is intended for Administrators of ConnectAuthenticate. Please contact your system administrator if you experience difficulty logging in through SSO.
Only some of my users are experiencing issues.
ConnectAuthenticate tends to break for everyone or no one. If all of your users are having problems connecting, it is likely either:
- A Federation Service issue
- A Directory issue
- A Dude Solutions’ issue
If your Federation Service goes down, your users will not be able to connect to their Dude Solutions’ products while SSO Mode is active. If, on the other hand, only a few of your users are affected, then the issues are likely user error or Directory misconfiguration.
I am prompted to enter an Account Number.
This typically occurs because the URL that the user is using has not been updated to the new ConnectAuthenticate-style URL that passes in the account number. Ensure that the correct SSO URL is being used.
I receive a Certificate Expired message.
This occurs when the Private Key Certificate for your Federation Service has expired. You can continue to use your Dude Solutions’ products by clicking “Proceed Anyway,” but you will want to renew your certificate as soon as you are able.
I receive a Dude Solutions message that First Name, Last Name, and Email Address are required.
This occurs when the Security Token presented to Dude Solutions by your Federation Service does not contain all three of First Name, Last Name and Email Address claims. This could be a result of a missing Claim on the Federation Service or it could be a result of that data for the user being missing in your Active Directory. If only a single user is reporting this issue, and other users are able to use Dude Solutions products without this problem, it is most likely due to the user’s Directory account missing information or providing incorrect information to your Federated Service. If all users are reporting this issue, it is likely the Federation Service is missing a Claim.
I receive a Dude Solutions message that I am not authorized to use the Product.
This occurs when connecting to a product-specific URL that you cannot access because you do not have a role configured in the product you are attempting to access. If you should have access to the product. contact your local product administrator to have your Dude Solutions account configured for greater access. This can also occur when your Directory account is not a member of the Directory security group that is sometimes configured to control who can access Dude Solutions products. If you have a role configured in the product you are attempting to access, contact your local IT administrator to have your Directory account added to the Dude Solutions product access security group.
I receive a Dude Solutions message that I do not belong to the Dude Solutions Applications Group.
This occurs when your Active Directory account is not a member of the Directory security group that is used to control who can access Dude Solutions products. Contact your local IT administrator to have your Directory account added to the Dude Solutions product access security group.
I receive a Dude Solutions message that my login for this option has been disabled.
This occurs when connecting to a product-specific URL that you have a non-Requester Role configured for. However, your user account has been disabled by your local product administrator. Contact your local product administrator to learn why you have been disabled or to restore your access.
I receive a Dude Solutions message that the User with the email address does not exist.
This occurs when the email address provided in the security token for the user is different than the email address for the user in the Dude Solutions product. This error message includes an email address. The email address displayed is the email address that your Directory is listing for the user. That email address is not present in the Dude Solutions product that the user is attempting to access. The solution to this is to either correct the email address in Directory to the email address that has been entered in the Dude Solutions product, or correct the email address in the Dude Solutions product to the email address that is being provided by Directory.
After logging into the Main Login, where I am able to select the product I want to use, no products appear in the product selection drop down.
This occurs when a space has accidentally been included in your email address in the Dude Solutions product. Contact the Dude Solutions Client Service Center for assistance at 877-868-3833 and indicate that you suspect a space has been accidentally entered into your email address in your Dude Solutions user profile.
When I attempt to log in, I get the message “There was a problem accessing this site. Try to browse to the site again.” The URL in the Address Bar is on my domain.
This most likely occurs when your Token-Signing Certificate has expired or is otherwise invalid. You will want to get a new Token-Signing Certificate for your Federated Service.
When I attempt to log in, I get the message “Server Error in /sso.sts’ with the URL “https://login.DudeSolutions.com/SSO.STS/” in the Address Bar. There is also text stating “The SamlSecurityToken is rejected because the SamlAssertion.NotBefore condition is not satisfied.”
This occurs when the system time on your ADFS Proxy and your ADFS Server are out-of-sync (typically by 5 or more minutes). To fix this, log into both the ADFS Proxy and the ADFS Server and restart the “Windows Time” service on each. Additionally, check to make sure that your time zones for each machine are set correctly. Then, open a command prompt and type w32tm /resync to resynchronize the time on the machines.
I receive a Dude Solutions message that I have an Invalid Certificate.
This occurs when the security certificates on either the ADFS server or on DudeSolutions' servers have been changed or have expired. To fix this:
Confirm that the ADFS server certificate has not expired:
- Log in to the ConnectAuthenticate portal.
- Click the Certificate tab.
- Verify that the expiration date listed for the ADFS server certificate has not passed. *Note: If the expiration date has passed, a new certificate will need to be installed and configured on the ADFS server, and updated in the ConnectAuthenticate portal.
Confirm that the existing ADFS server certificates have not expired:
- Log in to the ADFS server.
- Open the ADFS management application.
- Expand the Certificates folder.
- Confirm that all three certificates listed (Network Communication, Token-decrypting, and Token-signing) have not expired.*Note: If any of the certificates have expired, they will need to be updated. Token-decrypting is the most common certificate that needs updating.
Confirm that DudeSolutions' certificate has not expired:
- Log in to the ADFS server.
- Open the ADFS management application.
- Expand the Trust Relationships folder.
- Click Relying Party Trusts.
- Check for a red exclamation mark next to ConnectAuthenticate.
- If there is a red exclamation mark, log in to the ConnectAuthenticate portal and download DudeSolutions' current Public Key Certificate.
- Replace the certificate for the Relying Party Trust on the ADFS server.
