Question

SSO Error when attempting to login from Self Service App

  • August 25, 2022
  • 4 replies
  • 84 views

bravestface

Good afternoon!

I've got a new MacBook Pro and when attempting to log in to the Self Service app I am getting a generic SSO error.

It states:

Single Sign-On Error

An Error occurred while processing your Single Sign-On request. Contact your administrator for assistance.

I've tried dumping the Public and Private keys from the Keychain, removing the App for forcing the Jamf Policy to bring it down again. I did read something about a possible SSO token that might need to be addressed, but am not sure where that is located or managed. Can anyone shed any light on that? We nuke MS365 tokens all the time so I am familiar with the concept but is there a similar process for Jamf?

Thank you!
Derek

4 replies

Jay_007
  • Valued Contributor
  • 56 replies
  • August 25, 2022

Have you tried disabling 'Token Expiration Time Override' under your SSO settings in Jamf? If your token expiration duration in Jamf is not in sync with Azure, you will get this error. It's easier just to disable this in Jamf and let Azure handle the token expiration instead.


bravestface
  • Author
  • New Contributor
  • 7 replies
  • August 26, 2022

Thanks for the quick reply! Is this a global setting or do we have the ability to affect this on a per device level? This is the first time we've encountered this and it seems to be (at the moment) only affecting this machine.

Thank you!


cmcdonald89
  • Jamf Heroes
  • 7 replies
  • August 26, 2022


Interestingly, we had this issue. You can do as Jay suggested or, since the Azure SAML default token expiry is 90 days, you put 129600 in the token expiration field. That machine could have cached an older token.


Jay_007
  • Valued Contributor
  • 56 replies
  • August 28, 2022


Yeah, this is a global setting. Unfortunately you can't configure it as a per device setting:

Scroll down to Token Expiration Time Override:

Also, I didn't realise that the SAML default token expiry was 90 days. I couldn't find any info on that when I set SSO up, so that's partly why I just disabled it in Jamf. Thanks @cmcdonald89!
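
The mismatch discussed in this thread, as an added example that is not part of the original posts and is not Jamf's code: a diagnostic that reads the timing attributes from a SAML assertion and applies a maximum sign-in age in minutes. It assumes the service provider compares the assertion's `AuthnInstant` against the configured expiration; the sample assertion, the function names and the 480-minute value are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: issued just now, but the user's sign-in (AuthnInstant)
# happened weeks earlier, as with a long-lived cached IdP session.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" IssueInstant="2022-08-25T15:00:00Z" Version="2.0">
  <saml:Conditions NotBefore="2022-08-25T14:55:00Z"
                   NotOnOrAfter="2022-08-25T16:00:00Z"/>
  <saml:AuthnStatement AuthnInstant="2022-08-01T09:00:00Z" SessionIndex="_s1"/>
</saml:Assertion>"""

def _ts(value):
    # SAML timestamps are UTC xs:dateTime; drop optional fractional seconds.
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def assertion_times(xml_text):
    # Diagnostic only: no signature verification, so use it on assertions
    # you captured yourself, never to make a trust decision.
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    authn = root.find("saml:AuthnStatement", NS)
    return {
        "issued": _ts(root.get("IssueInstant")),
        "not_on_or_after": _ts(cond.get("NotOnOrAfter")),
        "authn_instant": _ts(authn.get("AuthnInstant")),
    }

def check(xml_text, max_auth_age_minutes, now):
    t = assertion_times(xml_text)
    if now >= t["not_on_or_after"]:
        return "reject: assertion conditions expired"
    age = now - t["authn_instant"]
    if age > timedelta(minutes=max_auth_age_minutes):
        return (f"reject: sign-in is {age.days} days old, "
                f"limit is {max_auth_age_minutes} minutes")
    return "accept"

if __name__ == "__main__":
    now = datetime(2022, 8, 25, 15, 5, tzinfo=timezone.utc)
    print(check(SAMPLE, 480, now))     # constructed short limit
    print(check(SAMPLE, 129600, now))  # 90 days in minutes, from the thread
```

Under that assumption, a device that reuses an older IdP sign-in fails the short limit while freshly authenticated devices pass, which would match an error seen on only one machine.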