Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, no.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, no.

CrashPlan for Small Business, no.

This article applies to on-premises authority servers.

Other available versions:

Cloud

HOME
GETTING STARTED
RELEASE NOTES
FAQS
SYSTEM STATUS
Code42 Support

Troubleshoot Microsoft AD FS SSO

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, no.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, no.

CrashPlan for Small Business, no.

This article applies to on-premises authority servers.

Other available versions:

Cloud

Overview

This article explains how to set up Microsoft Active Directory Federation Services Single Sign-On (Microsoft AD FS SSO) to use the proper authentication method with Code42. Follow this article if SSO authentication for the Code42 app works externally but not internally, or if you see one of the following errors: 

  • In Code42 logs: "SsoAuth:: Invalid assertion received from IdP, user could not be authenticated."
  • In the AD FS event viewer: "MSIS7102: Requested Authentication Method is not supported on the STS"

Affects

Code42 environments that use Microsoft AD FS SSO.

Diagnosing

Step 1: Elevate Code42 logging level

  1. Sign in to the Code42 console.
  2. Double-click the Code42 logo in the upper-right corner.
    The command-line interface appears.
  3. Enter the following command to increase the logging level: log com.code42.ssoauth.saml trace

Step 2: Search the logs for error

Code42 logs

  1. View your Code42 environment's log:
    • To view the logs in the console: Go to Settings > Logs.
    • To view the log file:
      • Linux: /var/log/proserver
        Applies to Code42 servers installed as root on Ubuntu
      • Windows: C:\Program Files\CrashPlan PROe Server\logs
  2. Select the  com_backup42_app.log folder. 
  3. Search for the following message:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"/>

The status code of the Response was not Success: "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"

The StatusCode shows status:NoAuthnContext instead of status:Success, which means the AD FS is providing an incorrect global authentication policy. 

AD FS logs

To verify the error on AD FS:

  1. Navigate to your AD FS event viewer.
  2. Search for the following log: MSIS7102: Requested Authentication Method is not supported on the STS

If you see the above error, continue to the recommended solution to configure AD FS to use the proper authentication method with Code42. 

Recommended solution

The recommended solution is to edit the Authentication Policies in AD FS: 

  1. Navigate to Authentication Policies.
  2. Under Primary Authentication, click Edit next to Global Settings.
  3. Under Intranet, enable both Forms Authentication and Windows Authentication.

edit global authentication policy

External resources

  • Was this article helpful?