
Resolving "Error 500" in SAML-SSO Integration with AzureAD via PINGID

Overview

You encounter an "Error 500" during SAML-SSO integration testing with AzureAD via PINGID, with an error message about an invalid X.509 certificate. This issue is known to occur in FogBugz On-Premises due to configuration saving problems. A workaround involves ensuring the certificate is in PEM format and applying a database script to save the configuration correctly.

Information

Error Message: "Error 500" with invalid X.509 certificate message during SAML-SSO integration testing.

Cause: The issue arises from a known problem in FogBugz On-Premises where the Identity Provider URL and Public X.509 Signing Certificate may not save correctly, leading to intermittent errors.

Resolution Steps:

  1. Verify Certificate Format:
    • Ensure the X.509 certificate is the public signing certificate from your Identity Provider.
    • Confirm it is in PEM format, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, with no extra spaces or line breaks.
  2. Apply Database Script Workaround:
    • Open SQL Server Management Studio and connect to your FogBugz database.
    • Use the following script, replacing placeholders with your actual database name, Identity Provider URL, and X.509 certificate (formatted as a single line):
        USE <your_database_name>;
        -- Values to store: replace both placeholders with your own
        DECLARE @sSAMLIdentityProviderUrl nvarchar(255)
        DECLARE @sSAMLSigningCert nvarchar(max)
        SET @sSAMLIdentityProviderUrl = 'https://login.youridp.com/<unique_id>/saml2'
        SET @sSAMLSigningCert = '-----BEGIN CERTIFICATE-----MIIC8...-----END CERTIFICATE-----'
        -- Update the existing configuration row if there is one, otherwise create it
        IF ((SELECT COUNT(*) FROM SAMLConfig) > 0)
            UPDATE SAMLConfig SET sSAMLIdentityProviderUrl = @sSAMLIdentityProviderUrl, sSAMLSigningCert = @sSAMLSigningCert WHERE ixSAMLConfig = (SELECT MIN(ixSAMLConfig) FROM SAMLConfig);
        ELSE
            INSERT INTO SAMLConfig (sSAMLIdentityProviderUrl, sSAMLSigningCert) VALUES (@sSAMLIdentityProviderUrl, @sSAMLSigningCert);
        -- Show what was saved so you can compare it with the values above
        SELECT * FROM SAMLConfig;

  3. Validate Configuration:
    • After applying the script, attempt to log in via SSO to verify the resolution.
  4. Additional Checks:
    • Ensure your FogBugz site is accessible via HTTPS only.
    • Verify the certificate chain on your server is up to date and trusted.
    • Check for any firewall or proxy issues that might block outbound HTTPS requests to Azure AD.
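
Added example (not part of the original article and not FogBugz code): a Python helper for steps 1 and 2 that checks a pasted PEM certificate and produces the single-line form the database script expects. The names `to_single_line_pem` and `der_is_complete` and the sample blob are hypothetical, constructed for this illustration.

```python
import base64, binascii, hashlib, re, textwrap

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_is_complete(der):
    """True if der is exactly one DER SEQUENCE whose declared length fills the buffer."""
    if len(der) < 2 or der[0] != 0x30:          # X.509 certificates start with SEQUENCE (0x30)
        return False
    if der[1] < 0x80:                           # short form: length held in one byte
        header, length = 2, der[1]
    else:                                       # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def to_single_line_pem(text):
    """Validate a pasted PEM certificate; return (single_line_pem, sha256_hex_of_der)."""
    m = re.fullmatch(r"\s*" + BEGIN + r"(.*?)" + END + r"\s*", text, re.S)
    if not m:
        raise ValueError("BEGIN/END CERTIFICATE lines missing, or text outside them")
    body = re.sub(r"\s+", "", m.group(1))       # drop line breaks and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:               # also trips when a whole chain was pasted
        raise ValueError(f"body is not clean base64: {exc}") from None
    if not der_is_complete(der):
        raise ValueError("decoded body is truncated or has trailing data")
    return BEGIN + body + END, hashlib.sha256(der).hexdigest()

# Constructed placeholder, NOT a real certificate: 260 bytes with a valid outer DER header.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
SAMPLE_PEM = "\n".join(
    [BEGIN, *textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 64), END]) + "\n"

if __name__ == "__main__":
    single_line, fingerprint = to_single_line_pem(SAMPLE_PEM)
    print(single_line)    # value for SET @sSAMLSigningCert = '...'
    print(fingerprint)    # SHA-256 of the DER bytes, to compare with the IdP's copy
```

Running the same function on the `sSAMLSigningCert` value returned by the final `SELECT` shows whether the certificate was stored intact.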

Important: If issues persist, consider reviewing diagnostic files for additional error details or contact support for further assistance.

Frequently Asked Questions

How do I know if this error applies to my situation?
You will see an "Error 500" with an invalid X.509 certificate message during SAML-SSO integration testing with AzureAD via PINGID.

What should I do if the certificate format is correct but the error persists?
Apply the database script workaround to ensure the configuration is saved correctly. If the issue continues, check for HTTPS enforcement and any network issues.

Can I use the same workaround for other Identity Providers?
Yes, the workaround applies to any Identity Provider as long as the issue is related to configuration saving in FogBugz On-Premises.
  1. Priyanka Bhotika
