Issue
SSO users fail to log in and are immediately redirected to the logout page.
Checking the logs in the instance (Syslog.list) with the following filters:
message > contains > not found
AND
source=SAML2
The following message is observed:
User: abc@test.com not found
Release
Applicable to any release
Cause
The instance reads the value of the NameID element in the SAML response and tries to find a matching record in the sys_user table, using the 'User Field' configured in the Identity Provider record. If a match is found, the user is logged in.
For example, if the following is returned:
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">abc@test.com</NameID>
and in the Identity Provider record:
Advanced -> User Field is set to 'email'
the instance checks the sys_user table for a record where email=abc@test.com.
If no match is found, the user fails to log in.
Resolution
- Make sure the IdP returns the right value in the NameID element.
- If the IdP already returns the right value, make sure that the 'User Field' under the Advanced properties of the Identity Provider record is set to the correct field, and that a sys_user record actually exists with the value returned in the SAML response.
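The lookup described under Cause, and the two checks listed under Resolution, as an added worked example (not ServiceNow code): it pulls NameID out of a constructed SAML response, matches it against a constructed stand-in for sys_user on the configured User Field, and on a "not found" result reports whether another field would have matched (wrong User Field) or nothing matches at all (wrong NameID value). The exact-string comparison and the sample rows are assumptions made for the simulation.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespace URIs used to locate the NameID element.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample response, cut down to the parts this check reads.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">abc@test.com</saml:NameID>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed stand-in for sys_user rows (hypothetical data, not a real instance).
SYS_USER = [
    {"user_name": "abc", "email": "abc@test.com"},
    {"user_name": "def", "email": "def@test.com"},
]

def extract_name_id(response_xml):
    """Return (value, Format) of the NameID in the assertion's Subject, or (None, None)."""
    root = ET.fromstring(response_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        return None, None
    return node.text.strip(), node.get("Format")

def match_user(name_id, user_field, users=SYS_USER):
    """Simulate the lookup: exact match of NameID against the configured User Field (assumption)."""
    return next((row for row in users if row.get(user_field) == name_id), None)

def diagnose(response_xml, user_field, users=SYS_USER):
    """Reproduce the instance's decision and, on failure, say which resolution step to look at."""
    name_id, _fmt = extract_name_id(response_xml)
    if name_id is None:
        return "NameID missing or empty in SAML response"
    if match_user(name_id, user_field, users):
        return "match"
    # A row matching on some other field points at a wrong 'User Field' setting.
    other = sorted({f for r in users for f, v in r.items() if v == name_id and f != user_field})
    if other:
        return f"User: {name_id} not found on {user_field}; matches {', '.join(other)} (check User Field)"
    return f"User: {name_id} not found on {user_field} (check the NameID value the IdP returns)"
```

Running diagnose(SAMPLE_RESPONSE, "user_name") shows the misconfigured-User-Field case, while replacing the NameID value with an address that exists nowhere shows the wrong-NameID case.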