Jamf Nation Community

bravestface · ‎08-25-2022

Good afternoon!

I've got a new Macbook Pro and when attempting to login to the Self Service app I am getting a generic SSO error.

It states:

Single Sign-On Error

An Error occurred while processing your Single Sign-On request. Contact your administrator for assistance.

I've tried dumping the Public and Private keys from the Keychain, removing the App for forcing the Jamf Policy to bring it down again. I did read something about a possible SSO token that might need to be addressed, but am not sure where that is located or managed. Can anyone shed any light on that? We nuke MS365 tokens all the time so I am familiar with the concept but is there a similar process for Jamf?

Thank you!
Derek

Jay_007 · ‎08-25-2022

Have your tried disabling 'Token Expiration Time Override' under you SSO settings in Jamf? If your token expiration duration in Jamf is not in sync with Azure, you will get this error. It's easier just to disable this in Jamf and let Azure handle the token expiration instead.

bravestface · ‎08-26-2022

Thanks for the quick reply! Is this a global setting or do we have the ability to have the ability to affect this on a per device level? This is the first time we've encountered this and it seems to be (at the moment) only affecting this machine.

Thank you!

cmcdonald89 · ‎08-26-2022

Interestingly we had this issue. You can do as Jay suggested or since the azure SAML default token expiry is 90 days you put 129600 in the token expiration field. That machine could have cached an older token.

Jay_007 · ‎08-28-2022

Yeah, this is a global setting. Unfortunately you can't configure it as a per device setting:

Scroll down to Token Expiration Time Override:

Also, I didn't realise that the SAML default token expiry was 90 days. I couldn't find any info on that when I set SSO up, so that's partly why I just disabled it in Jamf. Thanks @cmcdonald89!

Jamf Nation Community

SSO Error when attempting to login from Self Service App