Hi, Jay. Please also create and share a HAR file with a capture of the whole failing flow. You can use steps listed [here](https://www.inflectra.com/support/knowledgebase/kb254.aspx) - please use Firefox for that, Chrome's HARs are flawed. Also don't forget to set "Persist log" and "Disable cache" checkboxes in the console to save everything, not just the recently loaded page.

Hello Aliaksandr, Please find below the link for the HAR file generated in Firefox browser as asked by you: [HAR file](http://dev-sso.taoconnect.org/uploads/har.zip) Kindly look into the issue and let me know if you need any coordination from our side. Thank you!

Hi Aliaksandr, I have shared the link for the HAR logs and let me know if it is inaccessible for you. Please take a look at those logs and suggest a solution. Thank you.

Hi, Jay. I got the file, thanks. It doesn't help to understand situation much, though. Flow fails the first moment Passport's page is requested. You'll need to proceed to gathering clues from oxAuth and Passport logs and sharing it with us: - `/opt/gluu/jetty/oxauth/logs/oxauth_script.log` - `/opt/gluu/jetty/oxauth/logs/oxauth.log` - `/opt/gluu/node/passport/server/logs/*`

Hi Aliaksandr, Please find below the link for the the oxAuth and Passport logs as asked by you: [oxAuth and Passport logs](http://dev-sso.taoconnect.org/uploads/oxauth-and-passort-logs.zip) Please take a look at those logs and suggest a solution. Thank you.

Your Passport's `start.log` contains a bunch of exceptions implying invalid syntax of your `/etc/gluu/conf/passport-saml-config.json`. Please review your configuration there and make sure you specified everything according to the doc.

Hi Aliaksandr, As per the documentation [Inbound SAML using passport.js](https://gluu.org/docs/ce/authn-guide/inbound-saml-passport/) we configured passport-saml-config.json file. After configuration we have generated metadata for our external IdP listed in the passport-saml-config.json file once it successfully validates configuration. We can access our metadata in URL to this format: https://<hostname>/passport/auth/meta/idp/<IDP-id-from-passport-saml-config>. It can also be found under /opt/gluu/node/passport/server/idp-metadata directory within Gluu's chroot container. If passport-saml-config.json had any errors then how the metadata for external onboarding Idp is generated? Can you please take a look at the passport-saml-config.json content below and correct us if we are missing something? ``` {"jcgluussodev": {"entryPoint": "https://sso.jumpcloud.com/saml2/SSO-jcgluussodev", "issuer": "jcgluussodev", "identifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", "authnRequestBinding": "HTTP-POST", "additionalAuthorizeParams": "", "skipRequestCompression": "true", "logo_img":"https://chetu-lms.taoconnect.org/theme/taotheme/img/logo.png", "enable":"true", "cert":"MIIC5..........Cw=", "reverseMapping": { "email" : "email", "username": "urn:oid:0.9.2342.19200300.100.1.1", "displayName": "urn:oid:2.16.840.1.113730.3.1.241", "id": "urn:oid:0.9.2342.19200300.100.1.1", "name": "urn:oid:2.5.4.42", "givenName": "urn:oid:2.5.4.42", "familyName": "urn:oid:2.5.4.4", "provider" :"issuer" } } } ``` Thank you.

Hello Aliaksandr, Gentle Reminder!! Have you had a chance to look at the JSON content we added in above comment? Also, just wanted to update you that when we selected the Default Authentication Method as auth_ldap_server then user authentication via SAML is working fine. But When we chose the Default Authentication Method as passport_saml then SAML user authentication is not working and it redirects to oxauth error page. Kindly look into this and suggest a solution to resolve this issue. Thank you.

Hi, Jay. Please note that we don't offer any kind of SLA for community (free) users' tickets. We prioritize tickets of our customers first-first, what sometimes means answers to community tickets may be delayed significantly. I can't reproduce this kind of issue in my own test local setup. I also don't see any obvious mistakes in your configuration. I'll try to use your `passport-saml-config.json` file next, but you'll need to provide it completely, please don't truncate your certificate like you did in your other post.

Hi Aliaksandr, We have added a link URL with this comment for the passport-saml-config.json file. Please let us know if it is inaccessible to you. Thank you.

Hi Aliaksandr, Have you got the chance to look into the passport-saml-config.json file we provided? Please provide the solution for this issue and let us know if there is anything missing from our side. Thank you.

Hi, Jay. When I follow steps provided in the doc in my freshly installed 3.1.2 instance, it works fine even with your `passport-saml-config.json`. Thus I can't reproduce your issue. Your log files also don't shed any light on the cause of it. Unless you'll provide an exact details about your setup and all steps to reproduce it (which still conform to the mentioned documentation, as we can't support you on issues with non-standard setups), I don't see how we can help you. You'll have to do some research on your own. You already know location of all log files and how to create HAR capture. You can use [this tool](https://toolbox.googleapps.com/apps/har_analyzer/) to view it. Try to experiment a little, monitoring log files, and see whether suspicious errors will pop up. Try to make a fresh, clean install of 3.1.2 package and configure Passport in it according to the doc, documenting each step. See whether you'll get your issue again.

Hello Aliaksandr, As you mentioned it is working fine at your end. So, can you please authenticate one of our user which is created on external directory on JumpCloud (details are mentioned below) and let us know if SSO authentication from JumpCloud's console is working fine. - User email: jcuser01@yopmail.com - User Pass: Chetu@123 Thank you.

Outside the scope of community support.