Article Content
Article Number | 000033810 |
Applies To | RSA Product Set: SecurID Access |
Issue | A user successfully authenticates to the application portal, but when they click on an application, an error is displayed in the portal: Application appears to be improperly configured. Contact your Administrator for assistance. |
Cause | The application's SAML configuration uses a NameID of, for example, email address, and the user does not have an email address configured in their Identity Source/Directory Server. |
Resolution | To investigate this error, an administrator can view the IDR's /var/log/symplified/symplified.log and /var/log/symplified/symplified-audit.log, which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle.

The symplified.log will contain an error similar to:

2016-08-17/14:46:40.292/UTC [ajp-apr-8009-exec-6] ERROR com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[114] - Non-null and non-empty SAMLSubject NameID required for Saml Authentication

The symplified-audit.log will contain an error similar to:

TYPE=SAML USERNAME=jpicard APPLICATION=Ingo Demo SP SESSION_ID=a76f6f63-adf4-4fc2-b4d2-25207f5e8ec5 RESULT=NOT_AUTHENTICATED PROTECTED_APP_USERNAME=jpicard MESSAGE=Non-null and non-empty SAMLSubject NameID required for Saml Authentication DATETIME=Wed Aug 17 14:46:50 UTC 2016 EVENTID=USER_PROTECTED_APP_AUTHN ----------START_USER_PROTECTED_APP_AUTHN---------- 2016-08-17/14:46:50.662/UTC [AuditEntryProcessor] INFO AUDIT[64] - ----------END_USER_PROTECTED_APP_AUTHN----------

Ensure that the Administration Console application configuration contains the desired NameID specification and that the Identity Source/Directory Server contains the specified NameID attribute. |
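
To list every user and application hit by this condition in a downloaded log bundle, the following added example (not RSA's code; function names are hypothetical) parses symplified-audit.log text and groups affected users by application. It assumes each entry starts with TYPE= and uses upper-case KEY=value fields, as in the excerpt above; only the jpicard entry comes from the article, the other sample entries are constructed.

```python
import re
from collections import defaultdict

NAMEID_ERROR = "Non-null and non-empty SAMLSubject NameID required"
# KEY=value pairs; a value runs until the next KEY=, a dashed marker, or end of line,
# so values containing spaces (APPLICATION, MESSAGE, DATETIME) stay intact.
FIELD = re.compile(r"\b([A-Z][A-Z_]*)=(.*?)(?=\s+[A-Z][A-Z_]*=|\s+-{5}|\s*$)", re.M)

# Constructed sample. Entry 1 is the entry quoted in the article; entries 2 and 3
# are made up (one field per line, and an unrelated message) to exercise the parser.
SAMPLE_AUDIT = """
TYPE=SAML USERNAME=jpicard APPLICATION=Ingo Demo SP SESSION_ID=a76f6f63-adf4-4fc2-b4d2-25207f5e8ec5 RESULT=NOT_AUTHENTICATED PROTECTED_APP_USERNAME=jpicard MESSAGE=Non-null and non-empty SAMLSubject NameID required for Saml Authentication DATETIME=Wed Aug 17 14:46:50 UTC 2016 EVENTID=USER_PROTECTED_APP_AUTHN ----------START_USER_PROTECTED_APP_AUTHN----------
TYPE=SAML
USERNAME=wriker
APPLICATION=Ingo Demo SP
RESULT=NOT_AUTHENTICATED
MESSAGE=Non-null and non-empty SAMLSubject NameID required for Saml Authentication
EVENTID=USER_PROTECTED_APP_AUTHN
TYPE=SAML USERNAME=dtroi APPLICATION=Constructed App RESULT=NOT_AUTHENTICATED MESSAGE=Constructed unrelated failure EVENTID=USER_PROTECTED_APP_AUTHN
"""

def parse_entries(text):
    """Yield one dict per audit entry. Assumption: every entry starts with TYPE=."""
    entry = {}
    for key, value in FIELD.findall(text):
        if key == "TYPE" and entry:
            yield entry
            entry = {}
        entry[key] = value.strip()
    if entry:
        yield entry

def missing_nameid_users(text):
    """Map application name -> sorted users whose SAML assertion had no NameID."""
    hits = defaultdict(set)
    for e in parse_entries(text):
        if NAMEID_ERROR in e.get("MESSAGE", ""):
            hits[e.get("APPLICATION", "?")].add(e.get("USERNAME", "?"))
    return {app: sorted(users) for app, users in hits.items()}

if __name__ == "__main__":
    for app, users in missing_nameid_users(SAMPLE_AUDIT).items():
        print(f"{app}: check the NameID attribute for {', '.join(users)}")
```

Each user it reports is a directory entry to check for the attribute the application's NameID specification names.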