Troubleshooting

This page provides troubleshooting strategies and the solutions for common errors.

• Something went wrong!

• Unexpected error when handling authentication request to identity provider.

• We were unable to verify your account. Please check with your local administrator.

• This site can’t be reached

• Redirected to STA IDP by providing wrong AD credentials.

• SSL certificate expired?

Something went wrong!

The following error message displays in the browser during authentication on the client machine:

In this case, a corresponding error is also recorded in the Docker logs:

Failed to resolve the hostname to ip : nil, client: <Client_IP>, server: _, request: "GET / HTTP/1.1", host: <Redirect_URL>

Possible causes

This error can occur if the admin provides FQDN (https://<FQDN>) in place of IP address (https://<ipaddress>) in the INTERNAL URL field while configuring the agent using STA console.

Solution

Perform the below steps to resolve the issue:

1. On the Docker machine's terminal, run the following command to navigate to the Docker container:

   sudo docker exec –it <container_name> /bin/ash

2. Run the following command to open the Docker container's host file:

   /etc/hosts

3. Enter the host entries of Internal URL.

4. Save the file.

Unexpected error when handling authentication request to identity provider.

The following error message displays in the browser during authentication:

!

Possible causes

This error can occur for any of the following reasons:

1. If the time on the host machine (where Docker container is running) does not match with STA.

   Solution: Update the time on the host machine to match with STA.

2. If the Internal URL is not reachable due to one of the following:

   • While configuring the agent using STA console, if the admin provides an incorrect port number in the INTERNAL URL field.

     Solution: Enter a valid port number of the protected application.

   • If the protected application is running on HTTP protocol and the admin provides HTTPS protocol in the INTERNAL URL field while configuring the agent using STA console, and vice-versa.

     Solution: You need to provide the same protocol in STA as in the protected application. For example, if the protected application is running on HTTP protocol, then you must provide HTTP protocol in STA.

   • If you are not able to ping the Internal URL.

     Solution: Check the network settings.

     

We were unable to verify your account. Please check with your local administrator.

The following error message displays in the browser during authentication:

Possible causes

You may encounter this error if you are using HTTP Basic Authentication scheme and using the credentials of an Active Directory user that is not available in STA.

Solution

You need to create a new user in STA, which is already available in your Active Directory.

This site can’t be reached

The following error message displays in the browser during authentication:

Possible causes

If you receive this error, it means that you have set the Redirect URL on HTTP protocol in STA and the Docker container is running on HTTPS protocol, or vice-versa.

Solution

While configuring the agent using STA console, you need to provide the same protocol in the REDIRECT URL field in STA as in the running Docker container. For example,

• If you are using HTTPS protocol in Docker container (443), then enter https//<redirect_URL> in the REDIRECT URL. Otherwise, for a non-default port, enter https//<redirect_URL>:port_number.

• If you are using HTTP protocol in Docker container (80), then enter http//<redirect_URL> in the REDIRECT URL. Otherwise, for a non-default port, enter http//<redirect_URL>:port_number.

Redirected to STA IDP by providing wrong AD credentials.

You are redirected to the STA IDP page if you provide wrong Active Directory credentials.

Possible causes

This error may occur if the agent is running on HTTP Basic Authentication scheme and the protected application is running on Anonymous Authentication.

Solution

To fix this issue, you need to provide the same authentication scheme in STA as in the protected application. It means, if you provide HTTP Basic Authentication scheme in STA, then the protected application should run on Basic Authentication.

SSL certificate expired?

If your SSL certificate expires.

Solution

You can change it from the Admin console. Perform the following steps to update the certificate:

1. Create a new SSL certificate and a key.

2. Open the Admin console.

3. Under Security Settings,

   1. In SSL CERTIFICATE, click Choose File to select and upload the new SSL certificate.
   2. In PRIVATE KEY, click Choose File to select and upload the new Private Key of the certificate.

4. Save the changes.

   

For any additional issues, contact Thales Customer Support.