This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSO integration error on Managed

Go to solution
SergioGonzalez
Visitor

‎15 Nov 2021 09:19 AM

We are getting an error in the integration with SSO in a customer in the authentication after redirect to the custoer's SSO . Does anybody knows if there any log files related with info on the server and in that case in which path?

 

Thanks!,

Sergio

Labels:
ErrorSSO.png
137 KB
0 Kudos
Reply
4 REPLIES 4

Go to solution
Radoslaw_Szulgo
Inactive

‎15 Nov 2021 10:40 AM

Hey @SergioGonzalez  - I'm checking this in your cluster 😉 I'll be back with info shortly.

Senior Product Manager,
Dynatrace Managed expert
Reply

Go to solution
Radoslaw_Szulgo
Inactive
In response to Radoslaw_Szulgo

‎15 Nov 2021 11:22 AM

I suppose that's the reason (found in a server.log) :

2021-11-10 15:13:16 UTC INFO [<server,0x1>] [SsoAuthenticatedStateSAML] Invalid SAML response: Not supported <NameId> format in SAML response: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

NameId is a login on the Dynatrace Managed side. All formats are accepted by Dynatrace Managed, so you can choose the format that best fits your policy rules. In this case you've used what is recommended by us - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

I recommend reaching out to our Dynatrace ONE via help chat so they can help you solve the issue and configure properly your SSO. Community forum is a great place to ask for feedback, but in this case we need to be careful to not share any sensitive information by accident.

 

In that particular error, Dynatrace says that this NameId format is not on the list of supported NameId formats. You have three options:

1) Configure you SSO to list emailAddress as a supported format, then import the file again to Dynatrace Managed. 

2) Edit manually the metadata file and add this line next to other formats:

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

3) Disable checking NameId format (in Advanced panel in the CMC - SAML configuration page) 

Radoslaw_Szulgo_0-1636975319547.png

 

Also note that the username returned from your SSO is not in the format of email address. For example, cc-jlor***

Senior Product Manager,
Dynatrace Managed expert
Reply

Go to solution
SergioGonzalez
Visitor
In response to Radoslaw_Szulgo

‎15 Nov 2021 11:39 AM

Thaks Radoslaw, very helpful!. I have ask directly here because DT1 chat has asked to the customer to open a ticket but I haven´t access yet to the enviroment as partner, so I did´t have the chance to edit my user properties to create a ticket...instead of that, i asked here as I know that usually is the fastest way.

Reply

Go to solution
Walter2
Helper
In response to Radoslaw_Szulgo

‎17 Jun 2024 03:15 PM

Hello, im having the same issue with our client, was trying to import the certificate from azzure but i had error, then i did the step 2 manualy edited the file and i was able to import the certificate. but still having the same error of authentication.

0 Kudos
Reply
Ask a question

Featured Posts