FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SSO integration error on Managed

Go to solution
SergioGonzalez
Visitor

‎15 Nov 2021 01:19 AM

We are getting an error in the integration with SSO in a customer in the authentication after redirect to the custoer's SSO . Does anybody knows if there any log files related with info on the server and in that case in which path?

 

Thanks!,

Sergio

Labels:
ErrorSSO.png
137 KB
0 Kudos
Reply
3 REPLIES 3

Go to solution
Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru

‎15 Nov 2021 02:40 AM

Hey @SergioGonzalez  - I'm checking this in your cluster 😉 I'll be back with info shortly.

Senior Product Manager,
Dynatrace Managed expert
Reply

Go to solution
Radoslaw_Szulgo
Dynatrace Guru
Dynatrace Guru
In response to Radoslaw_Szulgo

‎15 Nov 2021 03:22 AM

I suppose that's the reason (found in a server.log) :

2021-11-10 15:13:16 UTC INFO [<server,0x1>] [SsoAuthenticatedStateSAML] Invalid SAML response: Not supported <NameId> format in SAML response: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

NameId is a login on the Dynatrace Managed side. All formats are accepted by Dynatrace Managed, so you can choose the format that best fits your policy rules. In this case you've used what is recommended by us - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

 

I recommend reaching out to our Dynatrace ONE via help chat so they can help you solve the issue and configure properly your SSO. Community forum is a great place to ask for feedback, but in this case we need to be careful to not share any sensitive information by accident.

 

In that particular error, Dynatrace says that this NameId format is not on the list of supported NameId formats. You have three options:

1) Configure you SSO to list emailAddress as a supported format, then import the file again to Dynatrace Managed. 

2) Edit manually the metadata file and add this line next to other formats:

<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>

3) Disable checking NameId format (in Advanced panel in the CMC - SAML configuration page) 

Radoslaw_Szulgo_0-1636975319547.png

 

Also note that the username returned from your SSO is not in the format of email address. For example, cc-jlor***

Senior Product Manager,
Dynatrace Managed expert
Reply

Go to solution
SergioGonzalez
Visitor
In response to Radoslaw_Szulgo

‎15 Nov 2021 03:39 AM

Thaks Radoslaw, very helpful!. I have ask directly here because DT1 chat has asked to the customer to open a ticket but I haven´t access yet to the enviroment as partner, so I did´t have the chance to edit my user properties to create a ticket...instead of that, i asked here as I know that usually is the fastest way.

Reply
Ask a question