Troubleshooting the SAML Extension Sample Site Setup

At this point, you should be able to perform SAML single sign-on between the iChainSite and eMartian applications. If you are having difficulty, the following list contains common problems and possible workarounds:

Assertion Generation error, unknown affiliate: This is caused by an Aid parameter in the intersite transfer URL that does not match any entry in the site's Trusted Affiliates. Make sure that the Aid has a corresponding Site ID in the Trusted Affiliates. The CN of the object is not what matters; the Site ID value in the General page is the value that is used.

Assertion Receive error, unknown affiliate: This is similar to the Assertion Generation error. In this case, however, the receiving site does not have any information about the issuer of the assertion. Make sure that you have a Trusted Affiliate object with a Site ID that matches the incoming SAML assertion's issuer. Again, the CN of the object does not matter; the Site ID value on the Trusted Affiliate object is the important value.

Assertion Not Yet Valid or Assertion No Longer Valid: SAML assertions contain time stamp values that limit how long they are considered valid. These values are set on the Trusted Affiliate Assertions Properties page. Generally, the validity window for assertions is in minutes, so if two partner sites have clocks that do not match closely, you encounter validity period problems. Make sure that the partner sites have system clocks that are synchronized within one or two minutes.

Untrusted Certificate: This problem comes up in the Browser/Artifact profile when a site attempts to access an assertion over the server-to-server back channel. See Fine-Tuning the SAML Extension for detailed instructions on how to set up the security of this back channel. For quick reference, verify that the appropriate SOAP Responder URL uses the http:// protocol rather than the https:// protocol, so that no certificate is presented for the requesting site to validate.

Unsigned, or Unable to Sign: This error occurs when the Digitally Sign Assertions or Require Digital Signature setting is enabled in the Assertions Properties page. See Fine-Tuning the SAML Extension for detailed instructions on how to set up XML signature generation and validation. For quick reference, verify that neither the Generate nor the Require check box is checked in the Assertions Properties page.
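
To tell the Assertion Receive "unknown affiliate" error apart from the two validity errors in the list above, the following added example (not part of the SAML Extension or its documentation) checks a captured assertion against a list of Site IDs and the receiving site's clock. It assumes a SAML 1.x assertion that carries Issuer as an attribute and UTC NotBefore/NotOnOrAfter values on its Conditions element; the function name, the skew parameter and the sample values are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.x assertion namespace

# Constructed sample assertion; the issuer and timestamps are made up.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="example-id"
    Issuer="https://idp.example.test/site" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z"
                   NotOnOrAfter="2024-01-01T12:05:00Z"/>
</saml:Assertion>"""


def _ts(value):
    # Assumes the UTC "Z" form of xs:dateTime; fractional seconds are dropped.
    base = value.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def diagnose(assertion_xml, trusted_site_ids, now, skew=timedelta(0)):
    """Return (status, detail) naming the receive-side error this assertion would hit.

    Diagnostic only: it reads a locally captured assertion and does not
    verify signatures. `skew` is a hypothetical tolerance for clock drift.
    """
    root = ET.fromstring(assertion_xml)
    issuer = root.get("Issuer")
    # The Site ID, not the CN of the Trusted Affiliate object, must match the issuer.
    if issuer not in trusted_site_ids:
        return "unknown affiliate", f"issuer {issuer!r} has no matching Site ID"
    cond = root.find(f"{{{SAML1_NS}}}Conditions")
    if cond is None:
        return "ok", "assertion carries no Conditions element"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now + skew < _ts(not_before):
        return "not yet valid", f"receiver clock is {_ts(not_before) - now} before NotBefore"
    if not_on_or_after and now - skew >= _ts(not_on_or_after):
        return "no longer valid", f"receiver clock is {now - _ts(not_on_or_after)} past NotOnOrAfter"
    return "ok", "issuer trusted and inside the validity window"


if __name__ == "__main__":
    trusted = {"https://idp.example.test/site"}
    for minute, second in ((58, 30), (2, 0), (6, 0)):
        hour = 11 if minute == 58 else 12
        clock = datetime(2024, 1, 1, hour, minute, second, tzinfo=timezone.utc)
        print(clock.time(), diagnose(SAMPLE, trusted, clock))
```

Running it with a receiver clock 90 seconds behind the issuer reports "not yet valid", which points at clock synchronization rather than at the Trusted Affiliate configuration.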