Skip to main content

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, yes.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to version 6.

Other available versions:

CloudLink: What version am I on?

Code42 Support

Troubleshoot Microsoft AD FS SSO

Who is this article for?

Code42 for EnterpriseSee product plans and features
CrashPlan for Small Business 

CrashPlan for Small Business, yes.

Code42 for Enterprise, yes.

Link: Product plans and features.

This article applies to version 6.

Other available versions:

CloudLink: What version am I on?

Overview

This article explains how to set up Microsoft Active Directory Federation Services Single Sign-On (Microsoft AD FS SSO) to use the proper authentication method with Code42. Follow this article if SSO authentication for the Code42 app works externally but not internally, or if you see one of the following errors: 

  • In Code42 logs: "SsoAuth:: Invalid assertion received from IdP, user could not be authenticated."
  • In the AD FS event viewer: "MSIS7102: Requested Authentication Method is not supported on the STS"

Affects

Code42 environments that use Microsoft AD FS SSO.

Diagnosing

Step 1: Elevate Code42 logging level

  1. Sign in to the administration console.
  2. Double-click the Code42 logo in the upper-right corner.
    The command-line interface appears.
  3. Enter the following command to increase the logging level: log com.code42.ssoauth.saml trace

Step 2: Search the logs for error

Code42 logs

  1. View your Code42 environment's log:
    • To view the logs in the console: Go to Settings > Logs.
    • To view the log file:
      • Linux: /var/log/proserver
        Applies to Code42 servers installed as root on Ubuntu
      • Windows: C:\Program Files\CrashPlan PROe Server\logs
  2. Select the  com_backup42_app.log folder. 
  3. Search for the following message:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"/>

The status code of the Response was not Success: "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"

The StatusCode shows status:NoAuthnContext instead of status:Success, which means the AD FS is providing an incorrect global authentication policy. 

AD FS logs

To verify the error on AD FS:

  1. Navigate to your AD FS event viewer.
  2. Search for the following log: MSIS7102: Requested Authentication Method is not supported on the STS

If you see the above error, continue to the recommended solution to configure AD FS to use the proper authentication method with Code42. 

Recommended solution

The recommended solution is to edit the Authentication Policies in AD FS: 

  1. Navigate to Authentication Policies.
  2. Under Primary Authentication, click Edit next to Global Settings.
  3. Under Intranet, enable both Forms Authentication and Windows Authentication.

edit global authentication policy

External resources

  • Was this article helpful?