000033810 - Cannot access RSA SecurID Access protected SAML application due to missing NameID

Document created by RSA Customer Support Employee on Aug 25, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033810
Applies ToRSA Product Set:  SecurID Access
IssueUser successfully authenticates to the application portal but when they click on an application, an error is displayed in the portal:
,
Application appears to be improperly configured. Contact your Administrator for assistance.
CauseThe application's SAML configuration uses a NameID of, for example, email address and the user does not have an email address configured in their Identity Source/Directory Server.
ResolutionTo investigate this error an administrator can view the IDR's /var/log/symplified/symplified.log and /var/log/symplified/symplified-audit.log, which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle.
The symplified.log will contain an error similar to:
 
2016-08-17/14:46:40.292/UTC [ajp-apr-8009-exec-6] ERROR com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler[114] - Non-null and non-empty SAMLSubject NameID required for Saml Authentication

The symplified-audit.log will contain an error similar to:

TYPE=SAML
USERNAME=jpicard
APPLICATION=Ingo Demo SP
SESSION_ID=a76f6f63-adf4-4fc2-b4d2-25207f5e8ec5
RESULT=NOT_AUTHENTICATED
PROTECTED_APP_USERNAME=jpicard
MESSAGE=Non-null and non-empty SAMLSubject NameID required for Saml Authentication
DATETIME=Wed Aug 17 14:46:50 UTC 2016
EVENTID=USER_PROTECTED_APP_AUTHN
----------START_USER_PROTECTED_APP_AUTHN----------
2016-08-17/14:46:50.662/UTC [AuditEntryProcessor] INFO  AUDIT[64] -

----------END_USER_PROTECTED_APP_AUTHN----------

Ensure that the Administration Console application configuration contains the desired NameID specification and that the Identity Source/Directory Server contains the specified NameID attribute.
 
User-added image

Attachments

    Outcomes