
Skyhigh Security

Resolving SSO issues

See the following table for SSO issues and ways to resolve them.

Issue: The credential store fails to return credentials when requested.
Resolution: Check the error log for credential store errors (34050–34090).

Issue: The user cannot log on to the selected cloud service.
Resolution: The connector to the service might be broken. Contact the SSO Catalog support team.

Issue: The user cannot update credentials for a cloud service.
Resolution: Check the order of the rules in the Single Sign On rule set. The Select Services rule set, which adds services to SSO Connector lists, must be located before the Manage Form Credentials rule set.

Issue: SAML single sign-on fails.
Resolution: Possible reasons for SAML SSO failure are:
  • Not all user information is provided — Some cloud applications require specific user attributes. To view the missing user attributes, check the error log for SSO errors (34000–34999).
  • Single sign-on is not configured correctly — Verify that single sign-on is configured correctly in the Web Gateway user interface and in the SAML application administrator account.

Issue: When automatic downloading of SAML metadata is configured and the download fails, an error is returned stating that the requested service does not exist.
Resolution: Possible reasons for this error are:
  • The metadata is downloaded from an HTTPS URL without a trusted certificate.
  • The signature in the SAML metadata file is incorrect.
  • The SAML metadata file is missing the signature.
NOTE: For more information about this error, see the file: /opt/mcfc/log/mcfc.log.

Issue: After importing the SSO rule set, one or more custom connectors or links to cloud services and applications are broken.
Resolution: When the rule set is imported, new Service IDs are assigned to the custom connectors. Update any Service IDs that are used to reference custom connectors.
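
A preflight for the three SAML metadata download causes listed above, as an added example that is not Skyhigh code: it checks a metadata file for a missing signature or one whose reference does not cover the root element, and checks whether the metadata URL presents a certificate the local system trusts. The function names, sample documents and URL are assumptions made for illustration; the check is structural only and does not verify the signature cryptographically or against the trust settings configured in Web Gateway.

```python
import socket
import ssl
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed samples with placeholder values, not real metadata.
UNSIGNED = (b'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
            b'ID="_a1" entityID="https://idp.example.test"/>')
SIGNED = (b'<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
          b'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" entityID="https://idp.example.test">'
          b'<ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>'
          b'<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature></md:EntityDescriptor>')

def check_metadata(xml_bytes):
    """Return a list of findings; an empty list means the structural checks passed."""
    findings = []
    root = ET.fromstring(xml_bytes)  # run on files you already hold, not on untrusted input
    if root.tag not in (MD + "EntityDescriptor", MD + "EntitiesDescriptor"):
        findings.append("root element is not SAML metadata")
    sig = root.find(DS + "Signature")  # an enveloped signature is a direct child of the root
    if sig is None:
        return findings + ["signature missing"]
    ref = sig.find(f"{DS}SignedInfo/{DS}Reference")
    uri = ref.get("URI") if ref is not None else None
    # URI="" signs the whole document; "#<ID>" must name the root element's ID.
    if uri is None or (uri != "" and uri != "#" + (root.get("ID") or "")):
        findings.append("signature does not cover the root element")
    if not (sig.findtext(DS + "SignatureValue") or "").strip():
        findings.append("signature value empty")
    return findings

def check_tls(url, timeout=5):
    """Return None if the HTTPS certificate validates, otherwise the error text.
    Assumption: uses this machine's trust store, which may differ from Web Gateway's."""
    u = urlparse(url)
    if u.scheme != "https":
        return "not an HTTPS URL"
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    try:
        with socket.create_connection((u.hostname, u.port or 443), timeout=timeout) as s:
            with ctx.wrap_socket(s, server_hostname=u.hostname):
                return None
    except OSError as e:  # ssl.SSLCertVerificationError is a subclass of OSError
        return str(e)
```
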