Troubleshooting
You can enable find the logging of SSO in the DAM website folder\DigizuiteCore\loginservice\appsettings.json
By setting the "EnableLocalLogging": true
That will give you more information on the errors you encounter in the log called LoginService.txt under the DAMs log files. logs for SSO here:
...
Select the LoginService in the filter.
A tool to access the tokens being sent back and forward is highly recommended.
e.g. rcFederation Tracer for Chrome or Edge
This can easily help with debugging the reponses passed back and forth.
Specific users has problems logging in
If a specific user has problems logging in, it can be the user has been maually created with the email adresse. Check if there is a duplicate user and remove the manually created user.
The system does not allow duplicate emails.
It can also be due to a too long access token if a user is a member of too many groups. Then please try and limit the amount of groups being passed along in the token.
Known issues
/wiki/spaces/PSBOK/pages/2262040577Currently you need membership of atleast 1 group if Full sync or AddOnly is enabled before your allowed to login