Troubleshooting the SSO Integration - BlueCat Edge - Service Point v4.x.x

BlueCat Edge Deployment Guide

Locale
English
Product name
BlueCat Edge
Version
Service Point v4.x.x

When configuring the BlueCat Edge Cloud with the SAML integration details of your Identity Provider (IdP), you might encounter the following error page when attempting to log in to BlueCat Edge:

The following sections outline tips for troubleshooting your SSO integration.

Verify the SAML assertion attributes on your IdP

Ensure that you have configured the SAML assertion attributes on your IdP correctly based on the code examples listed in Configure SAML Assertion Attributes on the Identity Provider. SAML names and values are case sensitive so ensure that you have entered the values exactly as they are listed in the code examples.

When configuring the BlueCat Edge Roles, the Name value of the SAML attribute must be set to BluecatEdgeRole. The attribute value must also be one of the following: SYSADMIN, ADMIN, POLICYADMIN, or ANALYST.

When configuring the email authentication, the Name value of the SAML attribute must be set to Email.

When configuring the nameID format on your IdP, ensure that you have set the value to Email.

Verify the SSO configuration settings on BlueCat Edge and your IdP

Once you have entered the configuration information in BlueCat Edge, clicking Test or Apply & Test opens a new tab where you will be asked to sign in to your IdP to test the authentication and connection. If the test is unsuccessful, ensure that you have correctly entered the SAML service provider information correctly within BlueCat Edge and that the metadata downloaded from BlueCat Edge has been correctly entered in your IdP based on the steps in Configure the SSO Integration on BlueCat Edge. If you input the information from the metadata manually into your IdP, verify that the information is entered exactly as it appears in the metadata file.

When entering the Customer URL data, the field name might differ between IdP. The field name might be referred to as the Assertion Consumer Service URL, Application Callback URL, or SignIn/SSO Endpoint.