Logging into System Manager with SAML and using IdP Groups results in a blank page
Applies to
- ONTAP 9.14.1, 9.15.1, 9.16.1
- ONTAP System Manager (OnBox)
- SAML Authentication with PingFederate or Microsoft EntraID
Issue
- SAML with PingFederate or Microsoft EntraID are configured
- ONTAP is configured with domain groups instead of adding SAML users directly
- After logging in, System Manager displays a blank web page
Errors seen in logs:
apache-access.logusername [Mon Jun 16 18:10:01.558004 2025 +0000] "GET /api/private/cli/security/login/whoami HTTP/1.1" 500 110 15012 - 4 - 127.0.0.1 - - SMv4username [Mon Jun 16 18:10:02.432214 2025 +0000] "GET /api/cluster/software?return_timeout=120 HTTP/1.1" 500 110 15235 - 0 - 127.0.0.1 - - SMv4
mgwd.log0000001c.026408c5 0c030724 Mon Jun 16 2025 14:10:01 -04:00 [kern_mgwd:warning:3367] ZAPILIB:821720400:Line too long for buffer0000001c.026408c6 0c030724 Mon Jun 16 2025 14:10:01 -04:00 [kern_mgwd:error:3367] ZAPILIB:821720400:Failed to read line0000001c.026408c7 0c030725 Mon Jun 16 2025 14:10:01 -04:00 [kern_mgwd:error:3367] ZAPILIB:821720400:** pre_process_request_headers:: Failed to read the request header !!! **0000001c.026408c8 0c030725 Mon Jun 16 2025 14:10:01 -04:00 [kern_mgwd:error:3367] ZAPILIB:821720400:** ZAPIPostWorkFunc:: Sending HTTP Canned Response **
sysmgr.log0000001c.026408f7 0c030725 Mon Jun 16 2025 14:10:03 -04:00 [kern_sysmgr:error:98658] 10.35.242.12|username|ERROR|osm4|1750097400523|Mon Jun 16 2025,14:10:2.488||[SM server error]{"headers":{"normalizedNames":{},"lazyUpdate":null},"status":500,"statusText":"Internal Server Error","url":"https://cluster.domain.com/api/clust...rn_timeout=120","ok":false,"name":"HttpErrorResponse","message":"Http failure response for https://cluster.domain.com/api/clust...rn_timeout=120: 500 Internal Server Error","error":"<HTML><HEAD><TITLE>500 Internal Server Error</TITLE></HEAD><BODY><H1>Internal Server Error</H1></BODY></HTML>\n"}