SAML authentication fails because the ONTAP certificate has expired
Applies to
- ONTAP System Manager (OSM)
- Identity Provider (IDP)
- Security Assertion Markup Language (SAML)
Issue
ONTAP System Manager UI Error:
The system encountered an error at Fri May 17 20:47:06 2024 at https://10.x.x.x/saml-sp/SAML2/POST
SAML response reported an IdP error.
Error from identity provider:
Status: urn:oasis:names:tc:SAML:2.0:status:Responder
ONTAP Audit Logs:
[kern_audit:info:81940] 8503e8000000c9cf :: cluster1:http :: 10.x.x.x:11937 :: cluster1:unknown :: POST /saml-sp/SAML2/POST HTTP/1.1 :: Error: 500 Internal Server Error
ONTAP Shibd.log:
[kern_shibd:info:81938] WARN Shibboleth.SSO.SAML2 [3] [default]: error processing incoming assertion: SAML response reported an IdP error.
[kern_shibd:info:81938] INFO Shibboleth-TRANSACTION [1] [default]: New session (ID: _81346b76ca617329a01d84737a6f9e1a) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: 10.x.x.x) with (NameIdentifier: none) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _3abd718a-af95-4f06-aecb-8c40becaebef)
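The symptom pair above (a 500 on the POST to /saml-sp/SAML2/POST in the audit log together with the Shibboleth "SAML response reported an IdP error" warning) can be searched for in collected logs. The following is an added example, not NetApp code; the field layout is an assumption inferred from the log lines shown on this page, and the sample lines are constructed.

```python
import re

ACS_PATH = "/saml-sp/SAML2/POST"  # endpoint that appears in the logs on this page

# Assumed layouts, inferred from the two log excerpts above (not a documented format).
AUDIT_RE = re.compile(r"^\[kern_audit:\w+:\d+\]\s+(?P<fields>.+)$")
SHIBD_RE = re.compile(
    r"^\[kern_shibd:\w+:\d+\]\s+(?P<level>[A-Z]+)\s+(?P<category>\S+)\s+"
    r"(?:\[[^\]]*\]\s*)*:\s*(?P<message>.*)$")

# Constructed sample input; addresses are masked the same way as on the page.
SAMPLE = [
    "[kern_audit:info:81940] 8503e8000000c9cf :: cluster1:http :: 10.x.x.x:11937 :: cluster1:unknown :: POST /saml-sp/SAML2/POST HTTP/1.1 :: Error: 500 Internal Server Error",
    "[kern_shibd:info:81938] WARN Shibboleth.SSO.SAML2 [3] [default]: error processing incoming assertion: SAML response reported an IdP error.",
    "[kern_audit:info:81940] 8503e8000000c9d0 :: cluster1:http :: 10.x.x.x:11940 :: cluster1:admin :: GET /api/cluster HTTP/1.1 :: Success: 200 OK",
]

def parse_audit(line):
    """Split a kern_audit line into client, method, path and HTTP status."""
    m = AUDIT_RE.match(line)
    if not m:
        return None
    parts = [p.strip() for p in m.group("fields").split(" :: ")]
    if len(parts) != 6:
        return None  # unexpected layout: skip rather than guess
    req = parts[4].split()
    status = re.search(r"\b(\d{3})\b", parts[5])
    return {"client": parts[2],
            "method": req[0] if req else "",
            "path": req[1] if len(req) > 1 else "",
            "status": int(status.group(1)) if status else None}

def parse_shibd(line):
    """Return level, category and message of a kern_shibd line, or None."""
    m = SHIBD_RE.match(line)
    return m.groupdict() if m else None

def triage(lines):
    """Count failed ACS POSTs and IdP-error warnings; match needs both."""
    acs_failures, idp_errors = [], 0
    for line in lines:
        audit = parse_audit(line)
        if audit:
            if (audit["method"] == "POST" and audit["path"] == ACS_PATH
                    and (audit["status"] or 0) >= 500):
                acs_failures.append(audit["client"])
            continue
        shibd = parse_shibd(line)
        if shibd and shibd["level"] == "WARN" and "reported an IdP error" in shibd["message"]:
            idp_errors += 1
    return {"acs_failures": acs_failures, "idp_errors": idp_errors,
            "match": bool(acs_failures) and idp_errors > 0}
```

A match only confirms the symptom described in this article; it does not by itself show which certificate has expired.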