When enabling SAML in System Manager, the MFA process goes through but returns the error "Authorization failed for the resource at /sysmgr/v4/"
Applies to
Data ONTAP 9.9.1P9
Issue
- When enabling SAML, the MFA process goes through; however, authentication fails with the error:
SAML Service Provider Authorization Failed
The SAML service provider did not identify the user that was authenticated. Ensure that the SAML identity provider is configured to include in its assertion a "uid" attribute (SAML name "urn:oid:0.9.2342.19200300.100.1.1") whose value matches the service provider user name.
Authorization failed for the resource at "/sysmgr/v4/"
- In the .json return we see that the attrname-format is basic:
<saml:Attribute Name=\"urn:oid:0.9.2342.19200300.100.1.1\" NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\"> <saml:AttributeValue xsi:type=\"xs:string\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">EXAMPLEUSERNAME </saml:AttributeValue> </saml:Attribute>
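
To check a captured assertion against what the error message asks for, the following is an added example (not part of the original article or NetApp tooling) that unescapes a JSON-quoted fragment like the one above, finds the "uid" attribute by its OID, and reports its NameFormat and whether its value matches the expected user name. The function name `inspect_uid`, the wrapper element `w` and the second argument are assumptions made for illustration; the sample input is the fragment shown above.

```python
import json
import xml.etree.ElementTree as ET  # for untrusted XML, prefer the defusedxml package

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
UID_OID = "urn:oid:0.9.2342.19200300.100.1.1"  # "uid" attribute named in the error text

# Sample input: the escaped fragment from the .json return shown above.
SAMPLE = (
    r'<saml:Attribute Name=\"urn:oid:0.9.2342.19200300.100.1.1\" '
    r'NameFormat=\"urn:oasis:names:tc:SAML:2.0:attrname-format:basic\"> '
    r'<saml:AttributeValue xsi:type=\"xs:string\" '
    r'xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" '
    r'xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">EXAMPLEUSERNAME '
    r'</saml:AttributeValue> </saml:Attribute>'
)


def inspect_uid(escaped_fragment, expected_user):
    """Report on the uid attribute in a JSON-escaped SAML attribute fragment."""
    # The fragment is the body of a JSON string, so json.loads undoes the \" escaping.
    xml_text = json.loads('"' + escaped_fragment + '"')
    # A bare fragment does not declare the saml: prefix; wrap it in a hypothetical
    # root element that does, so the parser accepts it.
    root = ET.fromstring('<w xmlns:saml="%s">%s</w>' % (SAML_NS, xml_text))
    report = {"present": False, "name_format": None, "values": [],
              "exact_match": False, "match_ignoring_whitespace": False}
    for attr in root.iter("{%s}Attribute" % SAML_NS):
        if attr.get("Name") != UID_OID:
            continue
        values = [v.text or "" for v in attr.findall("{%s}AttributeValue" % SAML_NS)]
        report.update(
            present=True,
            name_format=attr.get("NameFormat"),
            values=values,
            # Whitespace around the value (e.g. from a pretty-printed trace) is
            # reported separately rather than silently ignored.
            exact_match=expected_user in values,
            match_ignoring_whitespace=expected_user in [v.strip() for v in values],
        )
    return report


if __name__ == "__main__":
    for key, value in inspect_uid(SAMPLE, "EXAMPLEUSERNAME").items():
        print("%-26s %r" % (key, value))
```
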