We are getting an error in the integration with SSO in a customer, in the authentication after the redirect to the customer's SSO. Does anybody know if there are any log files with related info on the server and, in that case, in which path?
Thanks!,
Sergio
Hey @SergioGonzalez - I'm checking this in your cluster 😉 I'll be back with info shortly.
I suppose that's the reason (found in a server.log):
2021-11-10 15:13:16 UTC INFO [<server,0x1>] [SsoAuthenticatedStateSAML] Invalid SAML response: Not supported <NameId> format in SAML response: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
NameId is a login on the Dynatrace Managed side. All formats are accepted by Dynatrace Managed, so you can choose the format that best fits your policy rules. In this case you've used what is recommended by us - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
I recommend reaching out to our Dynatrace ONE via help chat so they can help you solve the issue and configure your SSO properly. The Community forum is a great place to ask for feedback, but in this case we need to be careful not to share any sensitive information by accident.
In that particular error, Dynatrace says that this NameId format is not on the list of supported NameId formats. You have three options:
1) Configure your SSO to list emailAddress as a supported format, then import the file again into Dynatrace Managed.
2) Manually edit the metadata file and add this line next to the other formats:
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
3) Disable NameId format checking (in the Advanced panel of the CMC - SAML configuration page)
Also note that the username returned from your SSO is not in the format of an email address. For example, cc-jlor***
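As an added example (not code from this thread or from Dynatrace), the snippet below mirrors the validation behind that log line: it reads the NameIDFormat entries from constructed IdP metadata, compares them with the NameID format carried in a constructed SAML response, and shows what option 2 (adding the NameIDFormat line) and option 3 (disabling the check) change. Namespaces and element names are the standard SAML 2.0 ones; the entityID, IDs and user are placeholders.

```python
# Added example (not from the thread): mirror the NameId format check behind the
# "Not supported <NameId> format" log line, plus the effect of options 2 and 3.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed IdP metadata (entityID is a placeholder): emailAddress is NOT listed.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.invalid/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed SAML response whose NameID uses the emailAddress format.
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0"><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.invalid</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""

def supported_nameid_formats(metadata_xml):
    # NameIDFormat values the IdP advertises in its metadata
    root = ET.fromstring(metadata_xml)
    return [e.text.strip() for e in root.findall(".//md:NameIDFormat", NS) if e.text]

def response_nameid_format(response_xml):
    # Format attribute of the first NameID in the response (None if absent)
    nameid = ET.fromstring(response_xml).find(".//saml:Subject/saml:NameID", NS)
    return nameid.get("Format") if nameid is not None else None

def check_nameid_format(metadata_xml, response_xml, enforce=True):
    # The check that produced the log line; enforce=False models option 3.
    fmt = response_nameid_format(response_xml)
    if fmt is None:
        return False, "SAML response has no NameID"
    if not enforce or fmt in supported_nameid_formats(metadata_xml):
        return True, "NameId format accepted: " + fmt
    return False, "Not supported <NameId> format in SAML response: " + fmt

def add_nameid_format(metadata_xml, fmt):
    # Option 2: add a NameIDFormat element to the IDPSSODescriptor (in a real
    # metadata file place it next to the existing NameIDFormat lines).
    ET.register_namespace("md", NS["md"])
    root = ET.fromstring(metadata_xml)
    desc = root.find("md:IDPSSODescriptor", NS)
    ET.SubElement(desc, "{%s}NameIDFormat" % NS["md"]).text = fmt
    return ET.tostring(root, encoding="unicode")
```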
Thanks Radoslaw, very helpful! I have asked directly here because the DT1 chat asked the customer to open a ticket, but I don't have access yet to the environment as a partner, so I didn't have the chance to edit my user properties to create a ticket... Instead of that, I asked here as I know that is usually the fastest way.