Unable To Login Using SAML Due To Error 217

How can the issue be resolved when it is not possible to log in using SAML due to error 217?

This error generally occurs if there is an issue with the certificate or with the SAML configuration settings. Validate the following:

  • The Identity URL should be used. For an on-premises deployment it will be https://<orchURL>/identity, and for a PaaS deployment it will be https://<IdentityAppServiceURL>/identity.
  • Other configurations are set as described in Single Sign On Authentication Using SAML2.
  • The SAML signing certificate is added to both Orchestrator and the Identity App Service.
  • Provide an empty string ("") for the service certificate thumbprint section; do not leave it blank.

If the issue still persists, it could be because the App Service is unable to read the settings correctly from the database. In this scenario, try adding the SAML 2 settings in a file. Follow the steps given below:

  1. Create a file named saml2.xml with the following values:

<?xml version="1.0" encoding="utf-8"?>

<section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />

entityId="<entityId from SAML metadata>"
signOnUrl="Single Sign On URL from SAML metadata"

findValue="<signing cert thumbprint>"

  2. Add this file to the Identity App Service root directory (the same folder where the appsettings.json file resides).
  3. Add the following section to the appsettings.json file:

"Authentication": {
  "Saml2": {
    "ConfigFile": "saml2.xml"
  }
}

  4. Restart the App Service and retry.
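
A check that can be run over the two files from the steps above before restarting, as an added example that is not UiPath's own tooling. The element layout of the sample saml2.xml (configuration, configSections, sustainsys.saml2, identityProviders, add, signingCertificate) is an assumption taken from the Sustainsys.Saml2 configuration schema, the function name is hypothetical, and all sample values are constructed placeholders.

```python
import json
import re
import xml.etree.ElementTree as ET

# Constructed samples. Element layout is assumed from the Sustainsys.Saml2
# schema; only attributes named on this page are shown. The thumbprint starts
# with an invisible U+200E mark, as can happen when it is pasted from a dialog.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <configSections>
    <section name="sustainsys.saml2" type="Sustainsys.Saml2.Configuration.SustainsysSaml2Section, Sustainsys.Saml2" />
  </configSections>
  <sustainsys.saml2>
    <identityProviders>
      <add entityId="https://idp.example.test/metadata" signOnUrl="https://idp.example.test/sso">
        <signingCertificate findValue="\u200e0123456789abcdef0123456789abcdef01234567" />
      </add>
    </identityProviders>
  </sustainsys.saml2>
</configuration>"""
SAMPLE_JSON = '{"Authentication": {"Saml2": {"ConfigFile": "saml2.xml"}}}'


def check_saml2_files(xml_text, appsettings_text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    saml2 = json.loads(appsettings_text).get("Authentication", {}).get("Saml2", {})
    if saml2.get("ConfigFile") != "saml2.xml":
        problems.append("appsettings.json: Authentication > Saml2 > ConfigFile is not saml2.xml")
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.find("configSections/section[@name='sustainsys.saml2']") is None:
        problems.append("saml2.xml: sustainsys.saml2 section declaration is missing")
    idps = root.findall("sustainsys.saml2/identityProviders/add")
    if not idps:
        problems.append("saml2.xml: no identity provider entry found")
    for idp in idps:
        for attr in ("entityId", "signOnUrl"):
            if not idp.get(attr, "").strip():
                problems.append(f"saml2.xml: identity provider {attr} is empty")
        cert = idp.find("signingCertificate")
        thumb = cert.get("findValue", "") if cert is not None else ""
        # A certificate thumbprint is a SHA-1 hash: exactly 40 hex digits.
        if not re.fullmatch(r"[0-9A-Fa-f]{40}", thumb):
            problems.append(f"saml2.xml: findValue is not 40 hex digits: {thumb!a}")
    return problems


if __name__ == "__main__":
    for problem in check_saml2_files(SAMPLE_XML, SAMPLE_JSON):
        print(problem)
```

Run against the constructed sample, it reports only the thumbprint, printing the hidden character in escaped form so it is visible.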