Environment
In a system where the DualShield IIS Agent is being used to secure an IIS website or a web application
Issue
After a user has been successfully authenticated by DualShield SSO, the user is redirected to the URL at '/SAML2/login', but this page returns 500 - Internal server error
Cause
Using the browser developer tool (F12), an internal error message "Invalid SAML Response" is found. This SAML error can be caused by many things, and one of the common causes is that the timestamp of the SAML response is invalid, either too far in the past or in the future. The invalid timestamp is due to an incorrect computer clock on either the DualShield server or the IIS server machine.
Resolution
Fix the incorrect clock on either the DualShield server or the IIS server machine.