
Troubleshooting guide

Certificate and DNS

When using an internal ADFS that has a self-signed certificate, the certificate must be imported into the ifsapp-iam pod; otherwise the pod will refuse to connect to the ADFS.

If the ADFS is on an internal network, make sure that the DNS has been correctly set during the installation of Kubernetes.

General Problems

This section covers the most common problems encountered during setup; there may be others that are not covered here. To troubleshoot effectively, it is important to find out whether the problem is on the ADFS side or on the IFS side. Tailing the ifsapp-iam logs may show which side the problem is likely on. Few log entries in ifsapp-iam usually mean it’s on the ADFS side.

Errors before entering credentials

The problem is either on the ADFS side or there is a problem with the client id and/or the client secret.

Double-check the redirect URI on ADFS and the client ID and client secret in Aurena.

Errors after entering credentials

Assuming the credentials are correct, it is likely that the user has now been created in ifsapp-iam but is not correctly mapped with the Directory ID in IFS Cloud.

Double-check the claims sent from ADFS (is it using UPN or SAMAccountName?). Make sure the outgoing claim (from ADFS) matches the claim mapped in the IdP attribute mapper. Verify the Directory ID for the end user, to see whether it uses the correct format (UPN, SAMAccountName) and whether the user has the correct access.
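
The claim check described above can be scripted; this is an added example, not IFS or ADFS code. It decodes a captured token's claims and compares one claim against the user's Directory ID. Assumptions: the claim names `upn` and `unique_name`, the function names, the `DOMAIN\user` form counted as SAMAccountName, and the constructed sample token.

```python
import base64
import json
import re

def decode_jwt_payload(token):
    """Return a JWT's claims WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def identifier_format(value):
    """Classify an identifier as 'UPN', 'SAMAccountName' or 'unknown'."""
    if re.fullmatch(r"[^@\\\s]+@[^@\\\s]+", value):
        return "UPN"  # user@suffix
    if re.fullmatch(r"(?:[^@\\\s]+\\)?[^@\\\s]+", value):
        return "SAMAccountName"  # user or DOMAIN\user (assumed forms)
    return "unknown"

def check_mapping(token, claim_name, directory_id):
    """Return a list of problems; an empty list means claim and Directory ID agree."""
    claims = decode_jwt_payload(token)
    if claim_name not in claims:
        return [f"claim '{claim_name}' not in token; present: {sorted(claims)}"]
    value = str(claims[claim_name])
    claim_fmt, dir_fmt = identifier_format(value), identifier_format(directory_id)
    if claim_fmt != dir_fmt:
        return [f"format mismatch: claim is {claim_fmt}, Directory ID is {dir_fmt}"]
    if value == directory_id:
        return []
    if value.casefold() == directory_id.casefold():
        return [f"values differ only by case: '{value}' vs '{directory_id}'"]
    return [f"values differ: '{value}' vs '{directory_id}'"]

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# Constructed sample token (unsigned, not real ADFS output).
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "none"}),
    _b64url({"upn": "alice@example.com", "unique_name": "EXAMPLE\\alice"}),
    "sig",
])

if __name__ == "__main__":
    for claim, directory_id in [("upn", "alice@example.com"), ("upn", "EXAMPLE\\alice"),
                                ("unique_name", "example\\alice")]:
        print(claim, directory_id, "->", check_mapping(SAMPLE_TOKEN, claim, directory_id) or "OK")
```

The signature is deliberately not verified, so use this only to inspect what ADFS sent, never to accept a token.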