Troubleshoot SSO Connections

When using SSO to log in to Managed Service, the most common issues include:

  • Attempting to perform an IdP-initiated login

  • Not having a Managed Service account

  • Not having SSO configured for your Managed Service account

  • An incorrect SSO subject type

  • An incorrect Managed Service cluster endpoint

  • Incorrect SSO assertions for email, first name, and last name

  • Not providing a fully qualified domain name (FQDN) when a domain is requested

If using SSO to log into Managed Service is unsuccessful, SingleStore will require additional information to help troubleshoot your connection issue(s).

Notice

The following instructions require a Chrome browser. Other browsers may also be used, but the equivalent steps for non-Chrome browsers are not covered here and will need to be improvised.

  1. Install the SAML Chrome Panel extension (or an equivalent).

  2. Open Chrome Developer Tools in either of the following ways:

    1. Click the Chrome menu (three vertical dots in the top right-hand corner of Chrome) and select More Tools > Developer Tools.

    2. Click View in the Chrome menu bar and select Developer > Developer Tools.

  3. In the SAML Chrome Panel, click the SAML tab.

  4. In the Chrome address bar, navigate to the SingleStore portal (https://portal.singlestore.com/).

  5. On the portal sign-in page, select the Single Sign-On tab, enter your Managed Service username, and click the Continue button. Log in to your account using your Identity Provider, and allow it to redirect back to the SingleStore portal. If any of these actions fails, proceed to the next step at your first failure.

  6. Upon receiving an authentication error, check the SAML Chrome Panel. It should display a large amount of XML output.

  7. Copy this XML output, create a SingleStore Support ticket, and paste this XML output into the ticket.

  8. SingleStore will review this XML output to confirm that:

    • The endpoint is correct for your Identity Provider configuration.

    • The SSO subject is set to “persistent”.

    • There are SSO assertions for email, first name, and last name that match the SSO instructions.
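The three checks in step 8 can also be run locally against the captured XML before opening a ticket. The following is an added example, not SingleStore's own tooling. It assumes the copied XML is a decoded SAML 2.0 Response with an unencrypted assertion; the endpoint URL and the attribute names `email`, `firstName` and `lastName` are placeholders to replace with the values from your SSO instructions.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
# Assumptions: placeholder endpoint and attribute names; use those from your SSO instructions.
EXPECTED_ENDPOINT = "https://sso.example.invalid/acs"
REQUIRED_ATTRIBUTES = ("email", "firstName", "lastName")


def check_saml_response(xml_text, endpoint=EXPECTED_ENDPOINT, required=REQUIRED_ATTRIBUTES):
    """Return a list of findings; an empty list means all three checks passed."""
    # A SAML response never needs a DTD, so refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["response contains a DTD; refusing to parse"]
    root = ET.fromstring(xml_text)
    findings = []
    # Check 1: the response was sent to the endpoint configured at the IdP.
    if root.get("Destination") != endpoint:
        findings.append(f"endpoint mismatch: Destination={root.get('Destination')!r}")
    # Check 2: the SSO subject (NameID) uses the persistent format.
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        findings.append("no NameID in assertion subject")
    elif name_id.get("Format") != PERSISTENT:
        findings.append(f"subject type is not persistent: {name_id.get('Format')!r}")
    # Check 3: every required attribute is present with a non-empty value.
    present = {}
    for attr in root.findall("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS) if v.text and v.text.strip()]
        present[attr.get("Name")] = values
    for name in required:
        if not present.get(name):
            findings.append(f"missing or empty assertion: {name}")
    return findings


# Constructed sample: transient subject and no lastName attribute.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sso.example.invalid/acs">
  <saml:Assertion>
    <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">abc123</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>user@example.invalid</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

Calling `check_saml_response(SAMPLE)` reports the non-persistent subject and the missing `lastName` assertion.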