This section explains the troubleshooting techniques for Authentication profile types.
SAML Authentication
- Create Application on the IdP
-
A SAML application needs to be created on the IdP using the Controller-generated information. The Entity ID and the Single Sign on URL required while creating the application on IdP need to precisely match the Avi Load Balancer-generated configuration.
In the case of certain identity providers, IdP metadata can be retrieved after the SAML application has been created. In those cases, the recommended workflow is to configure the JumpCloud SAML application first and use the Avi Load Balancer-generated attributes to create the SAML application.
Once the application has been created, the IdP metadata can be plugged into the authentication profile. The authentication profile cannot be attached to the system configuration without valid IdP metadata.
Note:In Avi Load Balancer, both SAML assertion and response signing are mandatory for successful SAML authentication.
Avi Load Balancer has verified interoperability with the Google, Okta, and OneLogin IDPs. Contact Avi Load Balancer sales team if you require integration with other IDPs.
- When User tries to Authenticate with SSO and Encounters User has no privileges Error Message
-
Following are a few reasons for the issue:
When group attributes are not retrieved from the backend.
When group attributes are retrieved from the backend, but no rule corresponding to that attribute is created.
This issue can be fixed by enabling the option in JumpCloud SAML application to include group attribute in the SAML requests.