SAML authentication fails with "not authorized to access the resource"
Applies to
- ONTAP System Manager 9.3 and later
- Security Assertion Markup Language (SAML)
Issue
Logging in with SAML fails.
- Web UI error:
SAML Service Provider
Authorization Failed
Based on the information provided to this application about you, you are not authorized to access the resource at "/sysmgr/v4/"
- Cluster mgwd.log
00000030.0002fd38 0734d781 Tue Nov 17 2020 10:19:32 -05:00 [kern_mgwd:info:2311] No profile exists for user 'domain_user_name', application 'http', authmethod 'saml', vserver 4294967295
- shibd.log
00000030.0002fd32 0734d781 Tue Nov 17 2020 10:19:32 -05:00 [kern_shibd:info:59302] INFO Shibboleth.SessionCache [2] [default]: new session created: ID (_6449675cfda2fbe0b5c989faed4b4466) IdP (http://adfs2/adfs/services/trust) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (adfs_server_name)
00000030.0002fd33 0734d781 Tue Nov 17 2020 10:19:32 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: New session (ID: _6449675cfda2fbe0b5c989faed4b4466) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: adfs_server_name) with (NameIdentifier: domain_user_name) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _580b979c-b823-47ff-9641-18b15d22558d)
00000030.0002fd34 0734d781 Tue Nov 17 2020 10:19:32 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: Cached the following attributes with session (ID: _6449675cfda2fbe0b5c989faed4b4466) for (applicationId: default) {
00000030.0002fd35 0734d781 Tue Nov 17 2020 10:19:32 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: ^Iuid (1 values)