When configuring the DNS Edge Cloud with the SAML integration details of your Identity Provider (IdP), you might encounter the following error page when attempting to log in to DNS Edge:
The following sections outline tips for troubleshooting your SSO integration.
Verify the SAML assertion attributes on your IdP
Ensure that you have configured the SAML assertion attributes on your IdP correctly based on the code examples listed in Configure SAML Assertion Attributes on the Identity Provider. SAML names and values are case sensitive so ensure that you have entered the values exactly as they are listed in the code examples.
When configuring the DNS Edge Roles, the Name value of the SAML attribute must be set to BluecatEdgeRole. The attribute value must also be one of the following: SYSADMIN, ADMIN, POLICYADMIN, or ANALYST.
When configuring the email authentication, the Name value of the SAML attribute must be set to Email.
When configuring the nameID format on your IdP, ensure that you have set the value to Email.
Verify the SSO configuration settings on DNS Edge and your IdP
Once you have entered the configuration information in DNS Edge, clicking Test or Apply & Test opens a new tab where you will be asked to sign in to your IdP to test the authentication and connection. If the test is unsuccessful, ensure that you have correctly entered the SAML service provider information correctly within DNS Edge and that the metadata downloaded from DNS Edge has been correctly entered in your IdP based on the steps in Configure the SSO Integration on DNS Edge. If you input the information from the metadata manually into your IdP, verify that the information is entered exactly as it appears in the metadata file.
When entering the Customer URL data, the field name might differ between IdP. The field name might be referred to as the Assertion Consumer Service URL, Application Callback URL, or SignIn/SSO Endpoint.