Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Troubleshooting SAML 2.0 Login Issues

Last updated on 12 June, 2025

As a result of the migration of SAML1 to SAML2, users authenticated using SAML-based Single Sign-On (SSO) may be logged out and not able to login again. You can experience various login scenarios depending on your IdP configuration and authentication. 

404 Not Found Error on Login Page

If you are getting a “404 Not Found” error on your login page, contact Customer Support.

Did Not Decrypt Error Due to Unsigned Response

The error occurs when the Identity Provider (IdP) is configured to sign only the SAML assertion instead of the entire response, which may not meet service provider requirements.

Requirements for Mitigating Did Not Decrypt Error Due to Unsigned Response

Admin user permissions for Active Directory Federation Services (ADFS)

Mitigating Did Not Decrypt Error Due to Unsigned Response

  1. Log in as admin user in your Active Directory Federation Services (ADFS).
  2. Select Relaying Party Trusts.
  3. Right-click on the required row from the Relaying Party Trusts table and copy the display name. 
  4. Launch PowerShell as administrator and run the following command, where “<Display Name>” is the name you copied from ADFS::
Set-ADFSRelyingPartyTrust -TargetName "<Display Name>" -SamlResponseSignature Both

If an error occurs with the above command, run the following command:

Set-ADFSRelyingPartyTrust -TargetName "<Display Name>" -SamlResponseSignature MessageAndAssertion
  1. Verify the setting using the following command:
Get-ADFSRelyingPartyTrust -Name "<Display Name>" | Select-Object SamlResponseSignature

The console displays the SAML response signature depending on which configuration successfully worked with your setup.
saml response signature screen
You can navigate back to your LogicMonitor portal and log in.

Blank Page or URL Redirection Loop Encountered During Access

The errors occurs if the Identity Provider (IdP) does not meet updated validation criteria and the RestrictSSO feature is enabled on the account.

Requirements for Mitigating Blank Page or URL Redirection Loop Encountered During Access

To mitigate blank page or URL redirection loop, you need the following:

  • Admin user permissions for Active Directory Federation Services (ADFS)
  • Restrict Single Sign On switch is enabled on the Security page. For more information, see Enforcing SSO.

Mitigating Blank Page or URL Redirection Loop Encountered During Access

  1. Log in as admin user in your Active Directory Federation Services (ADFS).
  2. Select Relaying Party Trusts.
  3. Right-click on the required row from the Relaying Party Trusts table and copy the display name. 
  4. Launch PowerShell as administrator and run the following command, where “<Display Name>” is the name you copied from ADFS::
Set-ADFSRelyingPartyTrust -TargetName "<Display Name>" -SamlResponseSignature Both

If an error occurs with the above command, run the following command:

Set-ADFSRelyingPartyTrust -TargetName "<Display Name>" -SamlResponseSignature MessageAndAssertion
  1. Verify the setting using the following command:
Get-ADFSRelyingPartyTrust -Name "<Display Name>" | Select-Object SamlResponseSignature

The console displays the SAML response signature depending on which configuration successfully worked with your setup.
saml response signature screen
You can navigate back to your LogicMonitor portal and log in.

SAML Destination Invalid Error When Using Shibboleth or SSOCircle

This error occurs with IdPs like Shibboleth or SSOCircle, which may send incomplete or mismatched redirect URLs, leading to destination or redirect errors.

Requirements for SAML Destination Invalid Error When Using Shibboleth or SSOCircle

Admin user permissions for Shibboleth or SSOCircle IDP

Mitigating SAML Destination Invalid Error When Using Shibboleth or SSOCircle

  1. Log in as admin user in Shibboleth.
  2. Download the current IDP metadata file.
  3. Open the metadata XML file and perform one of the following to the SingleSignOnService tag that uses the redirect binding:
    • Remove the redirect binding
    • Move the redirect binding under the POST binding tag to ensure that POST is set as the default binding.
      SSOCircle
  4. In LogicMonitor, upload the updated IDP metadata to your Service Provider configuration. For more information, see Enabling Single Sign-on.
    You can navigate back to your LogicMonitor portal and log in.
In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.