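SAML authentication fails due to an incorrect assertion value
Applies to
- ONTAP 9.X
- ONTAP System Manager
- Okta SAML
Issue
After SAML is configured with Okta, the following errors appear when attempting to access ONTAP System Manager.
Web UI error: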
SAML Service Provider
Authorization Failed
Based on the information provided to this application about you, you are not authorized to access the resource at "/sysmgr/v4/"
mgwd.log error:
00000017.02198302 0201e5fa Tue Aug 06 2024 20:22:48 +00:00 [kern_mgwd:info:3642] No profile exists for user 'app.userName', application 'http', authmethod 'saml', vserver 4294967295
shibd.log:
00000017.021982f9 0201e5fa Tue Aug 06 2024 20:22:48 +00:00 [kern_shibd:info:45559] INFO Shibboleth.SessionCache [1] [default]: new session created: ID (_eb6282fc32562641e1da70efae175a0f) IdP (okta_server) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (okta_server_ip)
00000017.021982fa 0201e5fa Tue Aug 06 2024 20:22:48 +00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: New session (ID: _eb6282fc32562641e1da70efae175a0f) with (applicationId: default) for principal from (IdP: okta_server) at (ClientAddress: okta_server_ip) with (NameIdentifier:domain_user) using (Protocol:urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID:id25716852261066792083764217)
00000017.021982fb 0201e5fa Tue Aug 06 2024 20:22:48 +00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: Cached the following attributes with session (ID: _eb6282fc32562641e1da70efae175a0f) for (applicationId: default) {
00000017.021982fc 0201e5fa Tue Aug 06 2024 20:22:48 +00:00 [kern_shibd:info:45559] INFO Shibboleth-TRANSACTION [1] [default]: ^Iuid (1 values)