Connection failed due to invalid entityID

Error: Connection failed due to invalid entityID when using ADFS authentication

This error occurs when ADFS authentication is used in Orchestrator and is mostly caused by an incorrect certificate.

Turn on verbose logging in Orchestrator by following the steps below.
Instructions:

  • On the server where Orchestrator is installed, open Web.Config in a text editor.
  • Scroll down to the <system.web> section and add debug="true" to the <compilation> element.
    • targetFramework should be left as is.
    • Example: <compilation debug="true" targetFramework="4.7.2">
  • Once that is done, scroll toward the bottom of the file and paste the following after </runtime>:
    <system.diagnostics>
      <switches>
        <add name="Microsoft.Owin" value="Verbose" />
      </switches>
      <trace autoflush="true"></trace>
      <sharedListeners>
        <add name="file" type="System.Diagnostics.TextWriterTraceListener" initializeData="WebAppOwin.log" />
      </sharedListeners>
      <sources>
        <source name="Microsoft.Owin">
          <listeners>
            <add name="file" />
          </listeners>
        </source>
      </sources>
    </system.diagnostics>
  • Save the file. Once the file is saved, give temporary full control to 'Everyone' on the Orchestrator directory, e.g. C:\Program Files (x86)\UiPath\Orchestrator.
  • Browse to the Orchestrator site. Once you see the login screen, click SAML to attempt to authenticate.
  • A file named WebAppOwin.log will be created in the Orchestrator directory.

The error below will be displayed in WebAppOwin.log if it is a certificate issue


To resolve this, fetch the correct certificate from ADFS and update web.config. If the issue persists, create a new certificate and update web.config accordingly. See https://github.com/Sustainsys/Saml2/issues/493 in case it helps.
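
One way to check the values fetched from ADFS before updating web.config, as an added example that is not part of the original article or UiPath's own tooling: it parses a saved copy of the ADFS federation metadata, extracts the entityID and the signing certificate thumbprints, and compares them with the values read from web.config. The sample metadata, host name and placeholder certificate bytes are constructed, and the configured values are passed in as arguments because the article does not show the setting names.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes, not a real certificate; hypothetical host.
SAMPLE_DER = b"constructed placeholder standing in for a DER certificate"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="encryption"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>AAECAwQF</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>%s</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>""" % base64.b64encode(SAMPLE_DER).decode()


def normalize_thumbprint(value):
    """Keep hex digits only: drops spaces, colons and invisible characters
    (such as U+200E) picked up when copying from the certificate dialog."""
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def idp_signing_info(metadata_xml):
    """Return (entityID, SHA-1 thumbprints of the IdP signing certificates)."""
    root = ET.fromstring(metadata_xml)
    thumbs = []
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # no "use" covers both purposes
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            thumbs.append(hashlib.sha1(der).hexdigest().upper())
    return root.get("entityID"), thumbs


def check_config(metadata_xml, configured_entity_id, configured_thumbprint):
    """List mismatches between the IdP metadata and the configured values."""
    entity_id, thumbs = idp_signing_info(metadata_xml)
    problems = []
    if configured_entity_id != entity_id:  # compared as an exact string
        problems.append("entityID mismatch: metadata has %r" % entity_id)
    if normalize_thumbprint(configured_thumbprint) not in thumbs:
        problems.append("configured certificate is not an IdP signing certificate")
    return problems
```

An empty list from check_config means both values agree with the metadata; a trailing slash or different casing in the entityID is reported as a mismatch.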

Once the issue is resolved, remove the above additions from the Web.Config and revoke the temporary full control given to 'Everyone' on the Orchestrator directory.

Note: This article is relevant for all versions except those with IS in place, as these have all the ADFS setup done on the IS side (external providers).