Frequently Asked Questions

Below are the most frequently asked questions when starting out with a myOneLogin integration. Read these to get started, or as a troubleshooting guide.

If you have a question that you would like to hear an answer to, or suggestions for additions on this page, don't hesitate to email developer@myonelogin.com.

General Questions

Troubleshooting Questions



General Questions

How do I get a test account with myOneLogin?

If you don't already have a developer account with myOneLogin, you can sign up for one today at https://developer.myonelogin.com.

What is a SAML assertion?

When we talk about SAML assertions in this documentation, we refer to the SAML1.1 assertions that myOneLogin generates by default and can be trusted by your SAML validation process. Click click here for an example of what one looks like.

How do I get my users into myOneLogin?

myOneLogin supports both internal and external credential stores. Management of the internal credential store is accessible to the myOneLogin organization administrators through the web interface. myOneLogin can also be configured to point to external user credential stores such as Active Directory, LDAP, and third party websites.

Is there an API to manipulate the myOneLogin internal credential store?

Not yet. We are working on this API and as soon as it's available, we'll announce it on the blog.

Can I restrict where the SAML assertions are sent?

Yes. As you probably have seen, when creating a request for SAML generation, the successRedirect parameter can direct the SAML to any location. This is true at https://developer.myonelogin.com, where the "Trusted Destinations" list allows any targets. When configuring your own organization, you can lock down this list to specific approved destinations, e.g. your internal or partners' applications.

Are my users required to use pictures, welcome messages, and/or cookies and certificates for authentication?

No. myOneLogin supports a verity of configurable authentication methods. The pictures and welcome messages along with browser cookies and browser certificates are used for the free developer accounts as an example of one type of zero-footprint authentication type.

Troubleshooting Questions

Why can I not connect to the web service using HTTPS?

If you are using our sample code, you may not have all the prerequisites to run them straight off the bat. One example is our PHP sample. Even though you have SOAP support, you may not have SSL support, which will force you to use HTTP when connecting to our web service. Change the HTTPS to HTTP, and you should be fine. Another alternative is to install an SSL package, for you to use HTTPS with SOAP.

Windows Specific: It may be as simple as enabling the openssl extension. Look inside your php.ini file, find the line with "extension=php_openssl.dll" and uncomment it. Also search your harddrive for ssleay32.dll to make sure you have it your windows/system32 folder.

Why does the SAML validation service say that I have a "recipient mismatch"?

SAML response is not valid: org.opensaml.FatalProfileException: detected recipient mismatch in POST profile response

This is the response when the recipient inside the SAML assertion is not the same as the one passed into the validate call via the "recipientName" parameter. When myOneLogin generates the SAML assertion, the successRedirect parameter is used as recipientName (unless configured to explicitly use something else).

Why can I not run the Perl example code?

add #!/usr/local/bin/perl as the first line in the script.

The sample Perl script has the first like removed, to prevent it from executing on our own web servers. After downloading the example, you will have to change the script to include a reference to your Perl installation.