Summary

Authentication to the Work portal is not working when using Federated authentication with an identity provider such as Ping Federate.

Applies to

Bizagi .JEE 10.7 or later.

Symptoms

After entering an authorized login and password for the authentication, a Failed to Single Sign-On error is thrown at the Federated authentication error page.

Cause

This error has two common causes:

• The server certificate being used for Federated authentication is not installed at the Java Keystore.
• The server certificate does not have an appropriate/valid signature.

Solution

1. Make sure you have configured the Federate authentication as illustrated at http://help.bizagi.com/bpmsuite/en/index.html?sso_authentication.htm.
Note that your identity provider should support the protocols and versions listed as requisites.

2. Verify that certificates are imported correctly at the Java Keystore of the JVM being used by the server.
For instance when using auto-signed certificates (or a development-environment CA) you may need to explicitly install/import such certificates.

If you are using Bizagi JEE Plug-in, install them at C:\BizagiJEE\[Bizagi_version]\jdk6\jre\lib\security\cacerts\.
Otherwise, install them at the JVM used by that server.

3. Verify your server certificates validity. 
When having the certificate installed, open its detail to check its status.

The following image shows an invalid certificate:

The following image shows a valid certificate:

If the certificate is invalid, you will need to make sure you use a valid one and re-install/re-import it at the Java Keystore of the JVM.