Skip to main content
Virtual Office SAML SSO: Invalid SAML Response
8x8 Support Knowledge Base

Virtual Office SAML SSO: Invalid SAML Response

Symptom

When attempting to log in to Virtual Office using SAML SSO, you receive an error that reads, Invalid SAML Response.

Invalid_SAML_Response-450x283.png

Applies To

Virtual Office, SAML

Resolution

Enable or Create a New SAML Certificate

If the SAML security token has expired, you should enable or create a new SAML certificate.

  1. Enable or create a new SAML certificate, and add it to the SAML service.
  2. Ensure that the newly-created certificate is converted to PEM format. This is the only SAML certificate format supported by 8x8.
  3. Add the new certificate to Account Manager > Accounts > Single Sign On > Single Sign On > SAML.
  4. Test an 8x8 SSO login using Virtual Office Desktop to confirm the resolution.
Note: Customers using Microsoft SAML products may experience this issue weeks in advance of their security token's hard-coded expiration date. This can happen because Microsoft SAML services may create a secondary token by default 20 days in advance of the primary token's expiration, and then promote that secondary token to primary 5 days later. This certificate promotion immediately prevents SSO authentication between 8x8 and the user's SAML service 15 days in advance of the token's hard expiration date, because the 8x8 configuration is still using the old, primary token.

Ensure SAML is Configure Correctly

If the SAML setup is new, ensure that it has been configured correctly, then move on to the certificate steps.

  1. Verify that SAML has been properly configured on the user's side. Guides for specific 8x8 configuration can often be found on the SAML SSO provider's web site. The 8x8 Knowledge Base also has many documents for specific SAML configuration. Search the Knowledge Base for SAML.
  2. Ensure that the newly-created certificate is converted to PEM format. This is the only SAML certificate format that 8x8 supports.
  3. Upload the new certificate to Account Manager > Accounts > Single Sign On > Single Sign On > SAML.
  4. Test an 8x8 SSO login using Virtual Office Desktop to confirm the resolution.

Cause

The most common causes for this issue are:

  1. The user's SAML security token has expired. Note: Security token expiration can occur for a number of reasons, but expiration does not occur on the 8x8 side. However, the security token may be expired on the user's SAML service even if the certificate's expiration is set for a future date. See the Resolution section, below.
  2. The user's SAML SSO configuration is incorrect. This especially applies if the user has not used SAML SSO with 8x8 before.

 

  • Was this article helpful?