DRAFT SP-6735 Generic SAML error in logs - "Idp Entity Id not stored on session or request"

Symptom

The following is observed in the application server log for Appian sites with SAML authentication configured:

ERROR com.appiancorp.security.auth.saml.redirecter.SamlAuthProviderQueryStringGenerator - Could not find IdP entity Id: Idp Entity Id not stored on session or request

Cause

A SAML user failed to log in to Appian. This is a generic error and can be due to a variety of reasons. Some of these reasons include but are not limited to:

  1. Certificate expiration in the Admin Console SAML configuration
  2. Users not added in correct SAML groups
  3. Significant mismatch between the clocks of the IdP and Appian

Action

Check whether SAML users are having issues logging in to Appian. If users are not facing issues, the error can be safely ignored, as it likely means that some users had failed login attempts but were ultimately able to log in. If users are facing an issue, review KB-1450 for troubleshooting steps. If this does not resolve the issue, open a case with Appian Technical Support and include the following:

  • When the issue started occurring, and if any SAML configuration changes were made recently on the Appian or IdP side.
  • A timestamp (with time zone) of a failed login attempt and the application server log containing this timestamp.
  • A screenshot of the frontend error.
  • The scope of impact (e.g. all SAML users or only a subset).
    • Note: details of each login attempt are recorded in login-audit.csv. More information about this log can be found here.
  • SAML trace for a failed login attempt.
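
To test the clock-mismatch cause against a captured SAML trace, the sketch below compares the standard SAML 2.0 IssueInstant, NotBefore and NotOnOrAfter values in a response with the time the login failed. It is an added example, not Appian code; the sample response, the function names and the 60-second tolerance are assumptions.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal, unsigned SAML 2.0 response (not from a real IdP).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0" IssueInstant="2021-09-01T12:00:00Z">'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2021-09-01T12:00:00Z">'
    '<saml:Conditions NotBefore="2021-09-01T12:00:00Z" '
    'NotOnOrAfter="2021-09-01T12:05:00Z"/>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def parse_ts(value):
    """Parse a SAML xs:dateTime in UTC, e.g. 2021-09-01T12:00:00Z."""
    return datetime.fromisoformat(value.strip().replace("Z", "+00:00"))

def check_validity_window(response_b64, received_at, tolerance=timedelta(seconds=60)):
    """Return (skew_seconds, findings) for a base64 SAMLResponse (HTTP-POST binding).

    received_at is the timezone-aware time of the failed login on the receiving
    side; tolerance is an assumed allowance, not a documented Appian setting.
    Diagnostic only: no signature validation. Use defusedxml for untrusted XML.
    """
    root = ET.fromstring(base64.b64decode(response_b64))
    skew = (received_at - parse_ts(root.attrib["IssueInstant"])).total_seconds()
    findings = []
    for cond in root.iterfind(".//saml:Assertion/saml:Conditions", NS):
        not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and received_at + tolerance < parse_ts(not_before):
            findings.append("not yet valid: receiver clock is behind the IdP")
        if not_on_or_after and received_at - tolerance >= parse_ts(not_on_or_after):
            findings.append("expired: receiver clock is ahead of the IdP, or delivery was slow")
    return skew, findings

if __name__ == "__main__":
    # Simulate the same response arriving at three different receiver clock times.
    for hhmm in ((11, 50), (12, 1), (12, 10)):
        when = datetime(2021, 9, 1, *hhmm, tzinfo=timezone.utc)
        print(when.isoformat(), check_validity_window(SAMPLE_B64, when))
```

A large positive or negative skew alongside a "not yet valid" or "expired" finding points at clock drift rather than at certificates or group membership.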

Affected Versions

This article applies to all versions of Appian using SAML authentication.

Last Reviewed: September 2021