|Applies To||RSA Product Set: SecurID Access|
|Issue||User successfully authenticates to the application portal but when they click on an application, an error is displayed in the portal:|
Application appears to be improperly configured. Contact your Administrator for assistance.
|Cause||The application's SAML configuration uses a NameID of, for example, email address and the user does not have an email address configured in their Identity Source/Directory Server.|
|Resolution||To investigate this error an administrator can view the IDR's /var/log/symplified/symplified.log and /var/log/symplified/symplified-audit.log, which can be obtained as described in the article on how to Generate and Download an Identity Router Log Bundle.|
The symplified.log will contain an error similar to:
2016-08-17/14:46:40.292/UTC [ajp-apr-8009-exec-6] ERROR com.symplified.adapter.authn.Saml2PingDirectPostAssertionHandler - Non-null and non-empty SAMLSubject NameID required for Saml Authentication
The symplified-audit.log will contain an error similar to:
APPLICATION=Ingo Demo SP
MESSAGE=Non-null and non-empty SAMLSubject NameID required for Saml Authentication
DATETIME=Wed Aug 17 14:46:50 UTC 2016
2016-08-17/14:46:50.662/UTC [AuditEntryProcessor] INFO AUDIT -
Ensure that the Administration Console application configuration contains the desired NameID specification and that the Identity Source/Directory Server contains the specified NameID attribute.