Skip to main content
Contact Support

Who is this article for?

Incydr Professional and Enterprise
Incydr Basic and Advanced
CrashPlan Cloud
CrashPlan for Small Business
Other product plans

Incydr Professional and Enterprise, no.

Incydr Basic and Advanced, no.

CrashPlan Cloud, no.

Other product plans, yes.

CrashPlan for Small Business, yes.

This article applies to on-premises authority servers.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Troubleshoot Microsoft AD FS SSO

  1. Last updated
  2. Save as PDF

Who is this article for?

Incydr Professional and Enterprise
Incydr Basic and Advanced
CrashPlan Cloud
CrashPlan for Small Business
Other product plans

Incydr Professional and Enterprise, no.

Incydr Basic and Advanced, no.

CrashPlan Cloud, no.

Other product plans, yes.

CrashPlan for Small Business, yes.

This article applies to on-premises authority servers.

Overview

This article explains how to set up Microsoft Active Directory Federation Services Single Sign-On (Microsoft AD FS SSO) to use the proper authentication method with Code42. Follow this article if SSO authentication for the Code42 app works externally but not internally, or if you see one of the following errors: 

  • In Code42 logs: "SsoAuth:: Invalid assertion received from IdP, user could not be authenticated."
  • In the AD FS event viewer: "MSIS7102: Requested Authentication Method is not supported on the STS"

Affects

Code42 environments that use Microsoft AD FS SSO.

Diagnosing

Step 1: Elevate Code42 logging level

  1. Sign in to the Code42 console.
  2. Double-click the Code42 logo in the upper-right corner.
    The command-line interface appears.
  3. Enter the following command to increase the logging level: log com.code42.ssoauth.saml trace

Step 2: Search the logs for error

Code42 logs

  1. View your Code42 environment's log:
    • To view the logs in the console: Go to Settings > Logs.
    • To view the log file:
      • Linux: /var/log/proserver
        Applies to Code42 servers installed as root on Ubuntu
      • Windows: C:\Program Files\CrashPlan PROe Server\logs
  2. Select the  com_backup42_app.log folder. 
  3. Search for the following message:
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"/>

The status code of the Response was not Success: "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext"

The StatusCode shows status:NoAuthnContext instead of status:Success, which means the AD FS is providing an incorrect global authentication policy. 

AD FS logs

To verify the error on AD FS:

  1. Navigate to your AD FS event viewer.
  2. Search for the following log: MSIS7102: Requested Authentication Method is not supported on the STS

If you see the above error, continue to the recommended solution to configure AD FS to use the proper authentication method with Code42. 

Recommended solution

The recommended solution is to edit the Authentication Policies in AD FS: 

  1. Navigate to Authentication Policies.
  2. Under Primary Authentication, click Edit next to Global Settings.
  3. Under Intranet, enable both Forms Authentication and Windows Authentication.

edit global authentication policy

External resources

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    How-to
    Available in CrashPlan Cloud
    No
    Available in Incydr Basic and Advanced
    No
    Available in Incydr Pro and Enterprise
    No
    Stage
    Draft
  2. Tags
    1. AD FS
    2. ADFS error
    3. licincydrent:false
    4. SSO