SAML SSO Error

["Corey, Mike" <mi...@sap.com.INVALID>]

Hi,

Trying to configure the SAML piece for single-sign-on.  I have the info registered with my SAML provider and configured all the SAML parameters the same way I had on the 4.14 build of ACS.  Trying to determine if it's a setting I missed on ACS or I need to go back to the SAML provider team and seek help.

Error in log is:
2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer] (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from which account 'Acct[blah-blah-admin]' is allowed to perform API calls: 0.0.0.0/0,::/0
2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet] (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure: {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only authenticated saml users can request this API"}}

Any ideas?

MC

Mike Corey

Technology Senior Consultant, IT CS CTW Operation & Virtualization Service US

SAP AMERICA, INC. 3999 West Chester Pike, Newtown Square, 19073 United States

T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com



[cid:image001.png@01D74D69.C8CF1B80]

Re: SAML SSO Error

[Rohit Yadav <ro...@shapeblue.com>]

...
https://docs.cloudstack.apache.org/en/4.14.1.0/adminguide/accounts.html#using-a-saml-2-0-identity-provider-for-user-authentication

Related blog: https://www.shapeblue.com/saml2-cloudstack/


Regards.

________________________________
From: Rohit Yadav <ro...@shapeblue.com>
Sent: Sunday, May 23, 2021 21:39
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error

Hi Mike,

Have you setup the SAML IDP server and the CloudStack SP properly? Please refer to:




Regards.

________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Friday, May 21, 2021 03:22
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error

HI Mike,

are you having issues on 4.15 now or on which release ?
Best,

On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:

> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on.  I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS.  Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>


--

Andrija Panić

 

Re: SAML SSO Error

[Rohit Yadav <ro...@shapeblue.com>]

Hi Mike,

Have you setup the SAML IDP server and the CloudStack SP properly? Please refer to:




Regards.

________________________________
From: Andrija Panic <an...@gmail.com>
Sent: Friday, May 21, 2021 03:22
To: users <us...@cloudstack.apache.org>
Subject: Re: SAML SSO Error

HI Mike,

are you having issues on 4.15 now or on which release ?
Best,

On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:

> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on.  I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS.  Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>


--

Andrija Panić

 

Re: SAML SSO Error

[Andrija Panic <an...@gmail.com>]

HI Mike,

are you having issues on 4.15 now or on which release ?
Best,

On Thu, 20 May 2021 at 17:18, Corey, Mike <mi...@sap.com.invalid>
wrote:

> Hi,
>
>
>
> Trying to configure the SAML piece for single-sign-on.  I have the info
> registered with my SAML provider and configured all the SAML parameters the
> same way I had on the 4.14 build of ACS.  Trying to determine if it’s a
> setting I missed on ACS or I need to go back to the SAML provider team and
> seek help.
>
>
>
> Error in log is:
>
> 2021-05-20 10:21:09,932 DEBUG [c.c.a.ApiServer]
> (qtp1026871825-1975:ctx-66fd0a1d ctx-2c5a7b22) (logid:968de14a) CIDRs from
> which account 'Acct[blah-blah-admin]' is allowed to perform API calls:
> 0.0.0.0/0,::/0
>
> 2021-05-20 10:21:09,933 DEBUG [c.c.a.ApiServlet]
> (qtp1026871825-677:ctx-dff3a7c7) (logid:dafda2bd) Authentication failure:
> {"listandswitchsamlaccountresponse":{"uuidList":[],"errorcode":531,"errortext":"Only
> authenticated saml users can request this API"}}
>
>
>
> Any ideas?
>
>
>
> MC
>
>
>
> *Mike Corey*
>
>
> Technology Senior Consultant, IT CS CTW Operation & Virtualization Service
> US
>
>
> *SAP AMERICA, INC.* 3999 West Chester Pike, Newtown Square, 19073 United
> States
>
>
> T +1 610 661 0905, M +1 484 274 2658, E mike.corey@sap.com
>
>
>
>
>
>
>


-- 

Andrija Panić