KB-2200 Generic SAML error in app server logs - "Idp Entity Id not stored on session or request"

Symptom

The following is observed in the application server log for Appian sites with SAML authentication configured:

ERROR com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator - Could not find IdP entity Id: Idp Entity Id not stored on session or request

Cause

A SAML user failed to log in to Appian. This is a generic error that can have a variety of causes, including but not limited to:

  • User using incorrect credentials
  • User not added to correct SAML group
  • Expired SP or IdP certificate in the Admin Console SAML configuration
  • The IdP preventing the user from authenticating
  • Server time mismatch between Appian and the IdP

Action

Check whether SAML users are having issues logging in to Appian. If users are not facing issues, then the error can be safely ignored as it means some users had failed login attempts but were ultimately able to log in. If SAML users are having issues logging in, please review KB-1450 for troubleshooting steps to take. If this does not resolve the issue, open a case with Appian Technical Support and include the following:

  • When the issue started occurring, and if any SAML configuration changes were made recently on the Appian or IdP side.
  • A timestamp (with time zone) of a failed login attempt and (if self-managed) the application server log containing this timestamp.
  • A screenshot of the frontend error.
  • The scope of impact (i.e. all SAML users or only a subset). Note: details of each login attempt are recorded in login-audit.csv. More information about this log can be found here.
  • SAML trace for a failed login attempt.
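The first step above (deciding whether the error is benign or whether some SAML users are actually stuck) can be answered from the two logs the article names. The following is an added example, not Appian's own tooling: it scans constructed application server log lines for the error, reads constructed login-audit.csv rows, and reports which SAML users failed, which of them logged in successfully afterwards, and the resulting scope of impact. The log line layout, the timestamps being UTC, and the column names Timestamp, Username, Status and Authentication Type are all assumptions; adjust them to match your own files.

```python
import csv
import io
import re
from datetime import datetime, timedelta, timezone

# Assumed app server log layout: "YYYY-MM-DD HH:MM:SS,mmm [thread] LEVEL logger - message".
# Timestamps are treated as UTC (assumption); change parse_ts if your server logs in local time.
LOG_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} \[[^\]]*\] "
    r"(?P<level>\w+) (?P<logger>\S+) - (?P<msg>.*)$"
)
SAML_IDP_ERROR = "Idp Entity Id not stored on session or request"

# Constructed sample application server log (not from a real site).
SAMPLE_APP_LOG = """\
2021-10-05 14:02:11,101 [http-nio-8080-exec-5] ERROR com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator - Could not find IdP entity Id: Idp Entity Id not stored on session or request
2021-10-05 14:02:12,000 [http-nio-8080-exec-6] INFO com.appiancorp.example.Logger - unrelated message
2021-10-05 14:09:40,512 [http-nio-8080-exec-2] ERROR com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator - Could not find IdP entity Id: Idp Entity Id not stored on session or request
"""

# Constructed login-audit.csv rows; the column names are an assumption.
SAMPLE_LOGIN_AUDIT = """\
Timestamp,Username,Status,Authentication Type
2021-10-05 14:02:11,alice,FAILURE,SAML
2021-10-05 14:03:05,alice,SUCCESS,SAML
2021-10-05 14:09:40,bob,FAILURE,SAML
2021-10-05 14:10:02,carol,SUCCESS,SAML
2021-10-05 14:11:30,dave,SUCCESS,PASSWORD
"""


def parse_ts(text):
    """Parse a 'YYYY-MM-DD HH:MM:SS' timestamp as tz-aware UTC (assumed zone)."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def find_idp_errors(app_log):
    """Return tz-aware timestamps of every ERROR line carrying the IdP entity ID message."""
    hits = []
    for line in app_log.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group("level") == "ERROR" and SAML_IDP_ERROR in m.group("msg"):
            hits.append(parse_ts(m.group("ts")))
    return hits


def triage_saml_logins(app_log, login_audit_csv, recovery_window=timedelta(minutes=30)):
    """Classify the error as benign (failed users logged in later) or as needing escalation."""
    errors = find_idp_errors(app_log)
    rows = csv.DictReader(io.StringIO(login_audit_csv))
    saml_events = [r for r in rows if r["Authentication Type"] == "SAML"]
    saml_users = {r["Username"] for r in saml_events}
    failed_users = {r["Username"] for r in saml_events if r["Status"] == "FAILURE"}

    # A failed user counts as recovered if a SUCCESS follows their last FAILURE within the window.
    recovered = set()
    for user in failed_users:
        fails = [parse_ts(r["Timestamp"]) for r in saml_events
                 if r["Username"] == user and r["Status"] == "FAILURE"]
        successes = [parse_ts(r["Timestamp"]) for r in saml_events
                     if r["Username"] == user and r["Status"] == "SUCCESS"]
        last_fail = max(fails)
        if any(last_fail < s <= last_fail + recovery_window for s in successes):
            recovered.add(user)

    stuck = failed_users - recovered
    if not stuck:
        scope = "none"          # error can be ignored per the article
    elif stuck == saml_users:
        scope = "all"           # every SAML user seen is stuck
    else:
        scope = "subset"

    return {
        "error_count": len(errors),
        "error_timestamps": [t.isoformat() for t in errors],  # with time zone, for the support case
        "saml_users_seen": sorted(saml_users),
        "failed_users": sorted(failed_users),
        "recovered_users": sorted(recovered),
        "stuck_users": sorted(stuck),
        "scope": scope,
        "escalate": bool(stuck),
    }


if __name__ == "__main__":
    print(triage_saml_logins(SAMPLE_APP_LOG, SAMPLE_LOGIN_AUDIT))
```

On the constructed sample, alice fails once and succeeds a minute later (benign), bob fails with no later success, and carol never fails, so the result is scope "subset" with bob as the only stuck user; the tz-aware error timestamps in the result are the ones to quote when opening the support case. Non-SAML rows are ignored so that password logins do not distort the scope.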

Affected Versions

This article applies to all versions of Appian using SAML authentication.

Last Reviewed: October 2021
