Home
On Premises
ONTAP 9
ONTAP Management
System Manager
ONTAP System Manager KBs
SAML authentication fails for Cisco DUO with missing uid attribute

SAML authentication fails for Cisco DUO with missing uid attribute

Last updated

Feb 28, 2025
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 845

Visibility:: Public

Votes:: 0

Category:: oncommand-system-manager

Specialty:: om

Last Updated:: 2/28/2025, 7:11:06 PM

Applies to

ONTAP System Manager 9.12.1+
Cisco DUO

Issue

Starting with ONTAP 9.12.1, Cisco DUO is a supported IdP.
When configuring Cisco DUO, System Manager authentication fails with:
The SAML service provider did not identify the user that was authenticated. Ensure that the SAML identity provider is configured to include in its assertion a"uid" attribute (SAML name "urn:oid:0.9.2342.19200300.100.1.1") whose value matches the service provider user name. Authorization failed for the resource at "/sysmgr/v4/"
The apache-error log from the cluster shows:
[Thu Jul 13 18:24:21.619555 2023 +0000] [dot:error] [pid 47409:tid 34410555392] [client 10.247.250.234:61560] The user authenticated through SAML or OIDC, but the service provider did not provide a user ID needed for authorization. [Thu Jul 13 18:24:21.619569 2023 +0000] [authz_core:error] [pid 47409:tid 34410555392] [client 10.247.250.234:61560] AH01631: user : authorization failure for "/sysmgr/v4/"