If you have been successfully authenticated by DualShield authentication server, but you are not able to login to SalesForce and receive the following error message:
Login to the Salesforce Setup console, navigate to "Security Controls" | "Single Sign-On Settings", click "SAML Assertion Validator", and you will see the error details:
. 
Below are examples of two common error messages.
Example 1:
Cause: The login name returned by DualShield does not exist in Salesforce or does not match with your account name in Salesforce
How to Fix: Change the NameID format in the Service Provider settings in DualShield to the appropriate format. For instance, if your Saleforce account name is in the format of UPN then change the NameIF format to UPN.
Example 2:
Cause: The system clock of your DualShield server is incorrect.
How to Fix: Correct the system clock of your DualShield server.