You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by "Corey, Mike" <mi...@sap.com.INVALID> on 2021/05/20 15:17:58 UTC
SAML SSO Error
Hi,
Trying to configure the SAML piece for single-sign-on. I have the info registered with my SAML provider and configured all the SAML parameters the same way I had on the 4.14 build of ACS. Trying to determine if it's a setting I missed on ACS or I need to go back to the SAML provider team and seek help.
Error in log is:
2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer] (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from which account 'Acct[blah-blah-admin]' is allowed to perform API calls: 0.0.0.0/0,::/0
2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet] (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure: {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only authenticated saml users can request this API"}}
Any ideas?
MC
Mike Corey
Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US
SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States
T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
[cid:image001.png@01D74D69.C8CF1B80]
Re: SAML SSO Error
Posted by Rohit Yadav <ro...@shapeblue.com>.
...
https://docs.cloudstack.apache.org/en/4.14.1.0/adminguide/accounts.html#using-a-saml-2-0-identity-provider-for-user-authentication
Related blog: https://www.shapeblue.com/saml2-cloudstack/
Regards.
________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Sunday, May 23, 2021 21:39
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error
Hi Mike,
Have you setup the SAML IDP server and the CloudStack SP properly? Please refer to:
Regards.
________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Friday, May 21, 2021 03:22
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error
HI Mike,
are you having issues on 4.15 now or on which release ?
Best,
On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:
> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on. I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS. Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>
--
Andrija Panić
Re: SAML SSO Error
Posted by Rohit Yadav <ro...@shapeblue.com>.
Hi Mike,
Have you setup the SAML IDP server and the CloudStack SP properly? Please refer to:
Regards.
________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Friday, May 21, 2021 03:22
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error
HI Mike,
are you having issues on 4.15 now or on which release ?
Best,
On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:
> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on. I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS. Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>
--
Andrija Panić
Re: SAML SSO Error
Posted by Andrija Panic <an...@gmail.com>.
HI Mike,
are you having issues on 4.15 now or on which release ?
Best,
On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:
> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on. I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS. Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>
--
Andrija Panić