SAML service provider did not identify the user that was authenticated in ONTAP System Manager
Applies to
- ONTAP System Manager (OSM)
- Identity Provider (IDP)
- Security Assertion Markup Language [SAML]
Issue
ONTAP System Manager UI Error
SAML Service Provider
Authorization Failed
The SAML service provider did not identify the user that was authenticated. Ensure that the SAML identity provider is configured to include in its assertion a "uid" attribute (SAML name "urn:oid:0.9.2342.19200300.100.1.1") whose value matches the service provider user name.
Authorization failed for the resource at "/sysmgr/v4/"
ONTAP shibd.log
[kern_shibd:info:81938] INFO Shibboleth.AttributeExtractor.XML [3] [default]: skipping SAML 2.0 Attribute with Name: urn:oid:1.3.6.1.4.1.5923.1.5.1.1, Format:urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified
kern_shibd:info:81938] INFO Shibboleth.SessionCache [3] [default]: new session created: ID (_dc74c3810e4e8c90e45d91c870cefa6f) IdP (http://adfs2/adfs/services/trust) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (10.x.x.x)
[kern_shibd:info:81938] INFO Shibboleth-TRANSACTION [3] [default]: New session (ID: _dc74c3810e4e8c90e45d91c870cefa6f) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: 10.x.x.x) with (NameIdentifier: uid) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _571a1007-2bc3-42bb-8617-92427da3d111)