Hi, I am trying to setup SAML Authentication via Admin Console in App

Hi,

I am trying to set up SAML Authentication via Admin Console in Appian 7.11. When I try to upload the Service Provider Certificate (.pem), it throws an error like "Failed to import certificate". I have converted both signed and self-signed keystore files (.jks) to .pem. But no success. Don't know what I am doing wrong.
Can anyone please suggest what I need to consider when creating the .pem file?
Please find the attached sample of .pem file.

Thanks in advance.

cert.pem

OriginalPostID-179774
  • Does the certificate require a password? If this is the case it will not import successfully until the password is supplied. Are you seeing any errors in the app server log?
  • @Tom I had provided the password in the Service Provider Certificate Password field. But it is giving the error as soon as I upload the certificate.
  • Are you seeing any more detailed errors in the app server log?
  • No, I don't see any issues related to this in the app server log. Can you please try from your end to see if you are able to import the certificate?
  • If you are referring to the sample one you attached, that is not a valid certificate.

    You can try generating a new certificate/key pair by following steps like the ones here: stackoverflow.com/.../how-to-create-a-self-signed-certificate-with-openssl. You will need to combine the key and the cert into the same file.
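A structural pre-check for the combined .pem file, added here as an example (it is not Appian's code and not the procedure from the linked stackoverflow answer): it parses the PEM blocks, checks that each body decodes to a complete DER SEQUENCE, and confirms that the file holds both a CERTIFICATE block and a private-key block, which is the combination described in the reply above. The sample inputs are constructed tiny DER values, not real certificates or keys.

```python
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List

# One PEM block: the label on the BEGIN line must match the END line.
# (Legacy "Proc-Type:/DEK-Info:" header lines inside a block are not handled here.)
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<begin>[A-Z0-9 ]+)-----\r?\n(?P<body>.*?)-----END (?P<end>[A-Z0-9 ]+)-----",
    re.DOTALL,
)

# Labels that carry a private key. An ENCRYPTED PRIVATE KEY only works if the
# matching password is supplied in the "Service Provider Certificate Password" field.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


@dataclass
class PemReport:
    labels: List[str] = field(default_factory=list)    # block labels in file order
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def _der_outer_length(der: bytes):
    """Total length the outermost DER element claims (header included), or None if malformed.
    X.509 certificates and PKCS#1/PKCS#8 keys all start with a SEQUENCE (tag 0x30)."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    first = der[1]
    if first < 0x80:                       # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                       # long form: the next n bytes hold the length
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem(text: str) -> PemReport:
    """Structural checks on a PEM file destined for the SP certificate upload."""
    report = PemReport()
    blocks = list(PEM_BLOCK.finditer(text))
    if not blocks:
        report.problems.append("no '-----BEGIN ...-----' block found; this is not a PEM file")
        return report
    for m in blocks:
        label = m.group("begin")
        if label != m.group("end"):
            report.problems.append(f"BEGIN {label} is closed by END {m.group('end')}")
        body = "".join(m.group("body").split())        # drop line breaks before decoding
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError):
            report.problems.append(f"{label}: body is not valid base64")
            continue
        declared = _der_outer_length(der)
        if declared is None or declared != len(der):
            report.problems.append(f"{label}: decoded bytes are not a complete DER SEQUENCE")
        report.labels.append(label)
    if "CERTIFICATE" not in report.labels:
        report.problems.append("no CERTIFICATE block")
    if not any(label in KEY_LABELS for label in report.labels):
        report.problems.append("no private-key block; key and certificate must be in the same file")
    return report


# Constructed samples: the bodies are a tiny hand-made DER SEQUENCE (30 03 02 01 05),
# not real certificates or keys, just enough to exercise the structural checks.
TINY_DER = "MAMCAQU="
TRUNCATED_DER = "MAUCAQU="   # declares 5 content bytes but carries only 3

GOOD_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + TINY_DER + "\n-----END CERTIFICATE-----\n"
    + "-----BEGIN PRIVATE KEY-----\n" + TINY_DER + "\n-----END PRIVATE KEY-----\n"
)
CERT_ONLY_PEM = "-----BEGIN CERTIFICATE-----\n" + TINY_DER + "\n-----END CERTIFICATE-----\n"
BAD_BASE64_PEM = "-----BEGIN CERTIFICATE-----\n!!!!not base64!!!!\n-----END CERTIFICATE-----\n"
TRUNCATED_PEM = (
    "-----BEGIN CERTIFICATE-----\n" + TRUNCATED_DER + "\n-----END CERTIFICATE-----\n"
    + "-----BEGIN PRIVATE KEY-----\n" + TINY_DER + "\n-----END PRIVATE KEY-----\n"
)

if __name__ == "__main__":
    for name, pem in [("good", GOOD_PEM), ("cert-only", CERT_ONLY_PEM),
                      ("bad-base64", BAD_BASE64_PEM), ("truncated", TRUNCATED_PEM)]:
        r = check_pem(pem)
        print(f"{name}: {'OK' if r.ok else 'PROBLEMS'} {r.labels} {r.problems}")
```

The checks are deliberately structural only: a file that passes may still be rejected for reasons the checker cannot see (wrong key for the certificate, unsupported algorithm), but a file that fails here will never import, and the reported problem says which part of the file to fix.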
  • Thanks Tom for your help. Now I am able to upload the self-signed certificate but am still facing the issue while uploading the CA-signed certificate. I tried to test it using the self-signed certificate and, after uploading the Identity Provider Metadata file, when I tried to log in it gave me an error like "Authentication was unsuccessful.
    Reason: Unexpected error occurred during SAML authentication test." Please find the screenshot for the error:

  • You will need to look at the app server logs to see more details as to what is going wrong. If the logs don't show anything helpful, locate the following properties in <Appian Home>/ear/suite.ear/resources/appian_log4j.properties and set them as follows:

    log4j.logger.com.appiancorp.security=DEBUG
    log4j.logger.org.springframework.security=DEBUG

    Then you should see some more detailed logs. If you still do not see anything helpful, check with your IDP to see whether they have anything logged on their side.
  • Hi Tom,
    I am able to import the signed certificate in the Admin console now. It was working fine on Appian 7.10, so I just migrated the SSO configuration to 7.11. The AD server is the IDP.
    But I am still getting the below error in application-server.log:
    ERROR: com.appiancorp.security.auth.saml.SamlTestServlet - Unexpected exception during SAML authentication test
    java.lang.IndexOutOfBoundsException : Index: 0
    Please find the screenshot of the SAML configuration in the Admin console.
    Could you please help me resolve this?

  • Can you do the following:
    1. Set the increased logging levels as I described in my previous note (if you didn't already)
    2. Reproduce the issue then attach the latest app server log
  • @Tom: I have tried to reproduce the issue again and made some changes but am still facing the same issue. Below is the error from app-server.log:

    DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Authorization successful
    2015-12-09 13:24:30,913 [ajp-/0.0.0.0:8009-4] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - RunAsManager did not change Authentication object
    2015-12-09 13:24:30,913 [ajp-/0.0.0.0:8009-4] DEBUG org.springframework.security.web.FilterChainProxy - /saml/AssertionConsumer at position 13 of 13 in additional filter chain; firing Filter: 'UserActivityFilter'
    2015-12-09 13:24:30,914 [ajp-/0.0.0.0:8009-4] DEBUG org.springframework.security.web.FilterChainProxy - /saml/AssertionConsumer reached end of additional filter chain; proceeding with original chain
    2015-12-09 13:24:30,914 [ajp-/0.0.0.0:8009-4] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/saml/assertionconsumer'; against '/api/**'
    2015-12-09 13:24:30,915 [ajp-/0.0.0.0:8009-4] DEBUG org.springframework.security.web.util.matcher.AntPathRequestMatcher - Checking match of request : '/saml/assertionconsumer'; against '/saml/**'
    2015-12-09 13:24:31,099 [ajp-/0.0.0.0:8009-4] ERROR com.appiancorp.security.auth.saml.SamlTestServlet - Unexpected exception during SAML authentication test
    java.lang.IndexOutOfBoundsException: Index: 0
    at java.util.Collections$EmptyList.get(Collections.java:4454)
    at org.opensaml.xml.util.LazyList.get(LazyList.java:90)
    at org.opensaml.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:312)
    at org.opensaml.xml.util.ListView.get(IndexedXMLObjectChildrenList.java:238)
    at com.appiancorp.security.auth.saml.IdentityProviderManager.getName(IdentityProviderManager.java:133)
    at com.appiancorp.security.auth.saml.IdentityProviderManager.createSamlAuthenticationToken(IdentityProviderManager.java:118)
    at com.appiancorp.security.auth.saml.SamlTestServlet.handlePost(SamlTestServlet.java:102)
    at com.appiancorp.security.auth.saml.SamlTestServlet.handleRequest(SamlTestServlet.java:76)
    at com.appiancorp.security.auth.saml.SamlTestServlet.service(SamlTestServlet.java:61)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
    at com.appiancorp.ap2.EntryFilter.doFilter(EntryFilter.java:40)
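The trace above shows OpenSAML's child list (IndexedXMLObjectChildrenList) being empty when IdentityProviderManager.getName asks for element 0, i.e. something the SP expected to find in the IdP metadata or the SAML exchange was absent. Which element that is does not appear in the thread, so the script below is an added example, not Appian's code, and the set of elements it checks is an assumption based on what an SP generally needs from IdP metadata: an entityID, an IDPSSODescriptor, a SingleSignOnService with an HTTP-Redirect or HTTP-POST binding, a signing certificate, and (as a warning only) a NameIDFormat. The metadata samples are constructed, with placeholder URLs and a placeholder certificate body.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
MD = "{%s}" % NS["md"]
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_idp_metadata(xml_text: str) -> Dict[str, object]:
    """Report which of the elements an SP relies on are present in IdP metadata."""
    problems: List[str] = []
    warnings: List[str] = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {"ok": False, "entity_id": None,
                "problems": [f"not well-formed XML: {exc}"], "warnings": []}

    # Metadata is either a single EntityDescriptor or an EntitiesDescriptor wrapping several.
    if root.tag == MD + "EntityDescriptor":
        entities = [root]
    elif root.tag == MD + "EntitiesDescriptor":
        entities = root.findall("md:EntityDescriptor", NS)
    else:
        return {"ok": False, "entity_id": None,
                "problems": [f"root element is {root.tag}, not md:EntityDescriptor"], "warnings": []}

    if len(entities) != 1:
        problems.append(f"expected exactly one EntityDescriptor, found {len(entities)}")
    ent: Optional[ET.Element] = entities[0] if entities else None
    entity_id = ent.get("entityID") if ent is not None else None
    if not entity_id:
        problems.append("EntityDescriptor has no entityID")

    idp = ent.find("md:IDPSSODescriptor", NS) if ent is not None else None
    if idp is None:
        problems.append("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    else:
        sso = idp.findall("md:SingleSignOnService", NS)
        if not sso:
            problems.append("no SingleSignOnService endpoint")
        elif not any(s.get("Binding") in (REDIRECT, POST) for s in sso):
            problems.append("SingleSignOnService has neither HTTP-Redirect nor HTTP-POST binding")

        # The SP verifies Response/Assertion signatures with the IdP's signing certificate;
        # a KeyDescriptor without a 'use' attribute counts for both signing and encryption.
        signing = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
        certs = [c for k in signing for c in k.findall(".//ds:X509Certificate", NS)
                 if (c.text or "").strip()]
        if not certs:
            problems.append("no signing KeyDescriptor carrying an X509Certificate")

        if not idp.findall("md:NameIDFormat", NS):
            warnings.append("no NameIDFormat declared (optional in the spec; confirm with the IdP)")

    return {"ok": not problems, "entity_id": entity_id, "problems": problems, "warnings": warnings}


# Constructed samples (placeholder URLs and certificate text, not real metadata).
GOOD_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER-CERT-BODY</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Same shape but missing the endpoint and the signing certificate.
BAD_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

# SP metadata uploaded by mistake where IdP metadata was expected.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for name, xml in [("good", GOOD_METADATA), ("bad", BAD_METADATA), ("sp", SP_METADATA)]:
        print(name, check_idp_metadata(xml))
```

Run it against the metadata file before uploading it in the Admin console; a problem listed here is worth fixing on the IdP side before turning on the DEBUG logging suggested earlier, since a missing element will fail the test no matter how the SP is configured.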