If you have been successfully authenticated by DualShield authentication server, however are now able to login to SalesForce and see the following error message:
Login to the Salesforce configuration console. Navigate to "Security Controls" | "Single Sign-On Settings", click "SAML Assertion Validator", and you should see the error details:
. 
Below are examples of two common error messages.
Example 1:
Cause: The login name returned by DualShield does not exist in Salesforce or does not match your account name in Salesforce.
How to Fix: Change the NameID format in the Service Provider settings in DualShield to the appropriate format. For instance, if your SalesForce account name is in the format of UPN, then change the NameID format to UPN:
Example 2:
Cause: The system clock of your DualShield Server is incorrect.
How to Fix: Correct the system clock of your DualShield Server.