SSO integration error on Managed

SergioGonzalez
Visitor

We are getting an error in the SSO integration at a customer, during authentication after the redirect to the customer's SSO. Does anybody know if there are any log files with related info on the server and, in that case, in which path?

 

Thanks!

Sergio

4 REPLIES

Radoslaw_Szulgo
Inactive

Hey @SergioGonzalez  - I'm checking this in your cluster 😉 I'll be back with info shortly.

Senior Product Manager,
Dynatrace Managed expert

I suppose that's the reason (found in server.log):

2021-11-10 15:13:16 UTC INFO [<server,0x1>] [SsoAuthenticatedStateSAML] Invalid SAML response: Not supported <NameId> format in SAML response: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

NameId is a login on the Dynatrace Managed side. All formats are accepted by Dynatrace Managed, so you can choose the format that best fits your policy rules. In this case you've used what is recommended by us - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

I recommend reaching out to our Dynatrace ONE via help chat so they can help you solve the issue and configure your SSO properly. The Community forum is a great place to ask for feedback, but in this case we need to be careful not to share any sensitive information by accident.

 

In that particular error, Dynatrace says that this NameId format is not on the list of supported NameId formats. You have three options:

1) Configure your SSO to list emailAddress as a supported format, then import the file again to Dynatrace Managed.

2) Manually edit the metadata file and add this line next to the other formats:

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

3) Disable checking NameId format (in Advanced panel in the CMC - SAML configuration page) 


 

Also note that the username returned from your SSO is not in the format of an email address. For example, cc-jlor***

Senior Product Manager,
Dynatrace Managed expert
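An offline check of the two conditions raised in the reply above (NameID format missing from the IdP metadata, and a username that is not shaped like an email address), as an added example that is not part of the original thread and is not Dynatrace code. The sample metadata, the sample assertion and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata that declares only the "persistent" format.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion fragment: emailAddress format, non-email username.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">cc-user01</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""


def declared_formats(metadata_xml):
    """Return the set of NameIDFormat URIs listed under IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    nodes = root.iterfind(".//md:IDPSSODescriptor/md:NameIDFormat", NS)
    return {n.text.strip() for n in nodes if n.text}


def name_id(assertion_xml):
    """Return (Format attribute or None, NameID value) from the Subject."""
    node = ET.fromstring(assertion_xml).find(".//saml:Subject/saml:NameID", NS)
    if node is None:
        raise ValueError("no <NameID> found in <Subject>")
    return node.get("Format"), (node.text or "").strip()


def diagnose(metadata_xml, assertion_xml):
    """List mismatches; the NameID value is never echoed into the findings."""
    fmt, value = name_id(assertion_xml)
    findings = []
    if fmt not in declared_formats(metadata_xml):
        findings.append(f"format not declared in metadata: {fmt}")
    if fmt == EMAIL_FORMAT and not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
        findings.append("NameID value is not shaped like an email address")
    return findings
```

Run it against local copies of the metadata file and a captured assertion; both are sensitive, so keep them off public channels.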

Thanks Radoslaw, very helpful! I have asked directly here because DT1 chat has asked the customer to open a ticket, but I haven't access yet to the environment as partner, so I didn't have the chance to edit my user properties to create a ticket... Instead of that, I asked here as I know that usually is the fastest way.

Hello, I'm having the same issue with our client. I was trying to import the certificate from Azure but I had an error, then I did step 2, manually edited the file, and I was able to import the certificate, but I'm still having the same authentication error.
