SAML authentication fails due to incorrect assertion value
- Category: ontap-system-manager
- Specialty: om
- Last Updated: 9/20/2024, 5:54:30 AM
Applies to
- ONTAP 9.X
- ONTAP System Manager
- OKTA SAML
Issue
After configuring SAML with OKTA, the following error appears when attempting to access ONTAP System Manager.
Web UI error:
SAML Service Provider
Authorization Failed
Based on the information provided to this application about you, you are not authorized to access the resource at "/sysmgr/v4/"
mgwd.log error:
00000017.02198302 0201e5fa Tue Aug 06 2024 20:22:48+00:00 [kern_mgwd:info:3642] No profile exists for user 'app.userName', application 'http', authmethod 'saml', vserver 4294967295
shibd.log:
00000017.021982f9 0201e5fa Tue Aug 06 2024 20:22:48+00:00 [kern_shibd:info:45559] INFO Shibboleth.SessionCache [1] [default]: new session created: ID (_eb6282fc32562641e1da70efae175a0f) IdP (okta_server) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (okta_server_ip)
00000017.021982fa 0201e5fa Tue Aug 06 2024 20:22:48+00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: New session (ID: _eb6282fc32562641e1da70efae175a0f) with (applicationId: default) for principal from (IdP: okta_server) at (ClientAddress: okta_server_ip) with (NameIdentifier: domain_user) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: id25716852261066792083764217)
00000017.021982fb 0201e5fa Tue Aug 06 2024 20:22:48+00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: Cached the following attributes with session (ID: _eb6282fc32562641e1da70efae175a0f) for (applicationId: default) {
00000017.021982fc 0201e5fa Tue Aug 06 2024 20:22:48+00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: ^Iuid (1 values)