15 Nov 2021 09:19 AM
We are getting an error in the SSO integration at a customer, in the authentication after the redirect to the customer's SSO. Does anybody know if there are any log files with related info on the server and, if so, in which path?
Thanks!
Sergio
15 Nov 2021 10:40 AM
Hey @SergioGonzalez - I'm checking this in your cluster 😉 I'll be back with info shortly.
15 Nov 2021 11:22 AM
I suppose that's the reason (found in a server.log):
2021-11-10 15:13:16 UTC INFO [<server,0x1>] [SsoAuthenticatedStateSAML] Invalid SAML response: Not supported <NameId> format in SAML response: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameId is a login on the Dynatrace Managed side. All formats are accepted by Dynatrace Managed, so you can choose the format that best fits your policy rules. In this case you've used what is recommended by us - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
I recommend reaching out to our Dynatrace ONE via help chat so they can help you solve the issue and configure your SSO properly. The Community forum is a great place to ask for feedback, but in this case we need to be careful not to share any sensitive information by accident.
In that particular error, Dynatrace says that this NameId format is not on the list of supported NameId formats. You have three options:
1) Configure your SSO to list emailAddress as a supported format, then import the file again to Dynatrace Managed.
2) Manually edit the metadata file and add this line next to the other formats:
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
3) Disable checking NameId format (in Advanced panel in the CMC - SAML configuration page)
Also note that the username returned from your SSO is not in the format of email address. For example, cc-jlor***
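The two checks described in the reply above (is the response's NameID format listed in the IdP metadata, and does an emailAddress NameID actually look like an email), as an added example that is not part of the original thread and not Dynatrace code. The XML samples are constructed, the function names are hypothetical, and the script assumes you have an already decoded, unencrypted SAML response to inspect.

```python
import xml.etree.ElementTree as ET  # use defusedxml for XML you do not trust

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed sample: IdP metadata that does not list emailAddress.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: decoded SAML response fragment (signature omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""

def declared_formats(metadata_xml):
    """NameIDFormat values listed under IDPSSODescriptor in the metadata."""
    root = ET.fromstring(metadata_xml)
    found = root.iterfind(".//md:IDPSSODescriptor/md:NameIDFormat", NS)
    return {el.text.strip() for el in found if el.text}

def response_nameid(response_xml):
    """(format, value) of the assertion's NameID, or (None, None) if absent."""
    el = ET.fromstring(response_xml).find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if el is None:
        return None, None
    # SAML 2.0 core: a NameID without Format is treated as "unspecified".
    return el.get("Format", UNSPECIFIED), (el.text or "").strip()

def check(metadata_xml, response_xml):
    """Diagnostic only: no signature or condition validation is done here."""
    fmt, value = response_nameid(response_xml)
    if fmt is None:
        return ["no NameID in response"]
    findings = []
    if fmt not in declared_formats(metadata_xml):
        findings.append(f"NameID format not listed in metadata: {fmt}")
    if fmt == EMAIL and "@" not in value:
        findings.append("NameID value is not an email address")
    return findings

if __name__ == "__main__":
    print(check(SAMPLE_METADATA, SAMPLE_RESPONSE))
```

Run it against your own metadata export and a captured response before sharing either with support, and redact usernames and certificates from anything you post publicly.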
15 Nov 2021 11:39 AM
Thanks Radoslaw, very helpful! I asked directly here because DT1 chat asked the customer to open a ticket, but I don't have access to the environment as a partner yet, so I didn't have the chance to edit my user properties to create a ticket... Instead, I asked here, as I know that it is usually the fastest way.
17 Jun 2024 03:15 PM
Hello, I'm having the same issue with our client. I was trying to import the certificate from Azure but I had an error; then I did step 2, manually edited the file, and I was able to import the certificate, but I'm still having the same authentication error.