Troubleshooting

This topic describes troubleshooting tips for common SAML setup issues.

Identity provider's form authentication not displayed when logging in to the Traveler home page

If you do not see the expected form login from the Identity provider when testing the Traveler endpoint with a browser, check the following:
  • If the notes.ini NTS_AUTO_CONFIG is set to false.

    It defaults to True so you must set it to false on each participating Traveler server.

  • Check the internet site document for the Traveler endpoint for a session override rule for /traveler.

    If there is a rule, delete it and then restart the Domino HTTP server.

Unable to configure a client to Traveler

  • Make sure that you can login to the Traveler home page from the mobile browser.
  • Make sure you are using a supported client. The SAML support is supported only with the HCL Verse clients. For more information, see HCL Verse client setup for SAML authentication.
  • Ensure that the Traveler endpoint has a valid SSL certificate. The HCL Verse clients do not work with a self-signed certificate.
  • If you are using ADFS as the IDP and it is configured to use Windows Integrated Authentication (WIA), the HCL Verse clients cannot support a NTLM prompt. A forms based login page needs to be setup by your ADFS Administrator. For more information, see the Microsoft documentation for configuring intranet forms-based authentication for devices that do not support WIA.