Blackbaud SSO with Manage Engine ADSelfService Plus

Ben Carrasco · February 17

This was working well for over a year until recent BB Changes. Anyone using ADSSP as their idP with BB SSO (as the sP)? Getting a generic error upon successful Auth+MFO (via ADSSP) after the redirect:

513754704a9ae0c7ef6bfc163aaf8213-huge-ch

Jay Trussell · February 17

@Ben Carrasco
We fought that screen when we migrated back in November. What it really meant for us was that the SAML assertion was being rejected. We use CAS from apereo.org as our provider, so our issue might not be the same as yours. The underlying cause the SAML signature was invalid. We were seeing xml encoded carriage returns (&#xd") within the Signature Value, but BB was not expecting them. This seemed to affect Chromium based browsers. I believe Firefox was stripping the CRs out. Evidently an update to CAS introduced this “feature”. For more information, see https://groups.google.com/a/apereo.org/g/cas-user/c/yHD58acThcs/m/bICrHqjzAAAJ?pli=1

Our case number with BB support was 019857711 if that is helpful.

Blackbaud SSO with Manage Engine ADSelfService Plus

Comments

Categories