• ADFS contains 3 – Should be the token signing certificate

- Using https:// instead of http:// in the Cezanne configuration for the UID field (System Setup >> Security Settings >> Single Sign-On Configuration)

- Mapping the correct user account from AD – Cezanne (Typically the User Principle Name) People tend to pick email address for this but the UPN can be set to be anything. This can be checked by looking at the AD object attributes

If the user is created in Azure Active Directory the user principle name is typically the user name:

• SSO was working and isn't now (No internal configuration changes made)

If your Single Sign-On was working, and no internal changes have been made to your configuration (such as a change of directory or domain name), try uploading the alternative certificate from the Azure Federation Metadata page into Cezanne OnDemand.

For more information about uploading certificates, see: Single Sign-On: Using SAML 2.0 to Implement Azure Active Directory Single Sign-On for Cezanne OnDemand.

ADFS does not automatically update the metadata and this needs to be done manually by right clicking on the ADFS entry and selecting the “Update from Federation Metadata” option. On the following screen click update.

Bad Request - Request Too Long

ADFS is setting a number of large-sized cookies that is causing the overall size of the request to exceed the ADFS server’s max request size limit.

• The solution is to use the developer tools to clear all the cookies for the ADFS server domain.

If you receive the above error message, you will need to apply a hotfix from Microsoft. For more information, see: Microsoft Hotfix.