SSO Support for Busy IT Admins 3 — Finding Help When You Need It (Desperately)
So, that’s it… you’ve been given the weighty responsibility of SSO support for your organization. Or perhaps you’re new to the IAM team. Now what?
This post is the third in five-part series on the Fundamentals of SSO Support for IT Administrators.† You can see our first post here, and our second post here. Our fourth post can be found here, and our fifth post here.
Master the Art of Google-Fu
Quick! Something is broken. An obscure error message fills your screen when you try to log in. Who ever is going to help you?!
It’s a bird, it’s a plane, it’s…
a powerful heuristic search engine!
A powerful discriminator between those who provide SSO support well, and those that don’t, is the ability to effectively search out solutions to one’s problem. In 99% of cases, whatever issue you’re encountering that you need to fix.
Here are some quick tips to make your searches more fruitful:
- Use quotation marks. Searching for
"shibboleth" log file locationwill be more likely to give you good results than
shibboleth log file location
- Use minus signs liberally to restrict keywords:
"shibboleth" sp -idpwill limit your results to only Service Provider content (ideally)
- Search specific sites using a colon:
shibboleth sp site:wiki.shibboleth.netto search the Shib wiki using Google
- Search sites that link to a particularly useful resource for explanatory content, i.e.
best practices link:wiki.shibboleth.net
- Try using Google Advanced Search
For more advanced search operators, see: Google Advanced Search Operators: The Ultimate List (40+ Advanced Operators)
Get Help from Others
Okay, Google hasn’t been that helpful. It’s not a miracle cure for all of your SSO Support needs. Maybe it’s pointed you in a couple of directions, but you’re still unsure. No worries… everyone has been there. Which is why, during your searches, you should have encountered tons of resources for where to ask your unanswered questions.
These can be more or less helpful, depending upon the community, who frequents it, who answers questions, and perhaps most importantly… how you ask the questions. Never post to a forum:
ADFS won’t work. What do?! Error -2146885613
Because you’re NOT going to get anything from that. To give you insight into what makes a good question on ANY forum or mailing list, take a look at the StackOverflow guide to asking questions.
Here are some good places to keep in mind for getting help:
- Shibboleth Users Mailing List (though there are better options for SSO Support for Shibboleth Consortium Members)
- Microsoft ADFS Technet Forum
- SimpleSAMLphp Google Group
- The StackOverFlow
- Forums/channels related to your particular OAuth library, i.e. the PHPLeague OAuth2 Client Gitter
Get Help From a Professional
We’d be remiss to not mention ourselves here. If you’re really struggling with a problem, and none of the above have helped, we’re here.
IDM Engineering is a team of dedicated, honest SSO support engineers that are readily available to help you architect a new single sign on environment, manage or improve existing SSO infrastructure, or just dig in and quickly solve a integration issue. We speak SAML… and OAuth… and ADFS… and SimpleSAMLphp… and more. Furthermore, we have a carefully curated collection of technological experience and expertise that can assist you with whatever single sign-on issue you’re facing.
Next time… Keeping Tabs on Your SSO Environment
We’ll dive into best practices for monitoring your environment… keeping tabs on your servers, looking for problems before they occur, and conducting regular maintenance will help your future self not hate single sign-on so much!
† Or — how I learned to stop worrying and love XML.