Articles in this section

See more

Server error occurred caused by line breaks in AD User Attributes

Avatar
Nana Madrid
Updated
Follow

About this article

This article refers back to the end-user who is experiencing a Server Error Occurred- please contact Templafy Support in the Templafy task pane in the Office applications.

Please contact Support and send a screenshot with the Operation ID so they can validate the exact cause of the error.

 

Prerequisites

 
  • Admin Access to ADFS on premise.

 

Issue description

Some attributes may contain line breaks in Active Directory and authentication fails as a result of this. The issue is not caused by Templafy, as we are using the standard sustainsys.saml2 library to support SAML2 authentication. The error is caused by a bug in ADFS where the IdP permits multi-line attributes to be used and signing it. This leads to a tampering of the signature which as a result Templafy cannot decrypt. Due to this issue, Cloud IdPs such as Azure, Okta, OneLogin do not allow for multi-line values to be inserted in their setup, mitigating this issue.

 

Resolution

The solution to this has come by checking and ensuring that the affected users ADFS account attributes contain no line breaks or white spaces.

 

Steps to solve this issue

 
  • Make sure to involve your IT department since this solution requires Admin access to ADFS on premise.
  • Once the changes have need made, ensure the AD account has synchronized to Azure before testing the access.
  1.  Go to an affected user's account in ADFS on premise.

  2.  Ensure there are no line breaks or white spaces within the attributes in the different sections, putting emphasis on the Street address and Telephone number attributes since we have experienced the most frequent issues with those two.

    On_prem_ADFS.png

 

  • You can check for white spaces by clicking into each attribute's end character and using the backspace key on the keyboard to check if there was an existing space.

    If there is a line break, make sure the affected attribute gets written all in one line if possible.

 

 
  • Once the AD attributes have been modified to not contain line breaks, the affected user should log into the web-app (TENANT_NAME.templafy.com ) via an incognito browser and sign into Templafy Desktop again in order to update the AD claims.
  • Please be aware that changes in AD attributes might not be reflected immediately if ADFS needs time to synchronize with Azure AD.

 

If it is not possible to adjust the AD attributes due to scaling or other factors, there is an alternative option. Adjust the SAML2 configuration to not send the claim that causes the problem and instead using a data source on the Templafy tenant that contains the required information.

If you need further assistance, please contact support@templafy.com to schedule a troubleshooting session.

 

Related articles

 

 

 

Related articles

Comments

0 comments

Article is closed for comments.