Configuration of SAML authentication fails with ‘invalid host’ error
Applies to
- ONTAP System Manager 9.3 and later
- Security Assertion Markup Language (SAML)
Issue
When configuring SAML authentication and adding the 'host system' with the cluster short name, the following error occurs:
Web UI error:
Invalid host specified for parameter
-sp-host
. Specify an address or fully qualified domain name that corresponds to a LIF with role cluster_mgmt
.
- cluster sysmgr.log
00000030.0000e4ff 072b772e Mon Nov 16 2020 17:15:26 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|UsageRecord :ocsm.mfa.idp.configure.request accessed
00000030.0000e50a 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.533||[MFA]Configuring MFA IdP...
00000030.0000e50b 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.534||[security-saml-sp-create-async]API request start: security-saml-sp-create-async
00000030.0000e50c 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.596||[security-saml-sp-create-async]API response received: security-saml-sp-create-async
00000030.0000e50d 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.597||[security-saml-sp-create-async]security-saml-sp-create-async failed: Invalid host specified for parameter "-sp-host". Specify an address or fully qualified domain name that corresponds to a LIF with role "cluster_mgmt". (13001)
00000030.0000e50e 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.597||UsageRecord :ocsm.mfa.visit accessed
00000030.0000e50f 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.598||[security-saml-sp-get]API request start: security-saml-sp-get
00000030.0000e510 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.597||UsageRecord :ocsm.mfa.configure.failure accessed
00000030.0000e511 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.617||[security-saml-sp-get]API response received: security-saml-sp-get
00000030.0000e512 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.618||[security-saml-sp-get]security-saml-sp-get failed: entry doesn't exist (15661)
00000030.0000e514 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.618||[MFA]Failed to get MFA details.
00000030.0000e515 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|1605564067879|Mon Nov 16 2020,17:14:49.597||UsageRecord :ocsm.mfa.IdPnotconfigured accessed
00000030.0000e516 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:info:11804] 10.x.x.x|admin|INFO|1605564067879|Mon Nov 16 2020,17:14:49.618||[MFA]MFA is not configured
00000030.0000e517 072b772e Mon Nov 16 2020 17:15:27 -05:00 [kern_sysmgr:error:11804] 10.x.x.x|admin|ERROR|160- Cluster mgwd.log
00000030.0000e502 072b772e Mon Nov 16 2020 17:15:26 -05:00 [kern_mgwd:info:2311] 0x81f078e00: 8503e80000000029: ERR: saml_ui: get_lif_role:src/saml/saml_ui.cc:227 Failed to get a lif; Error entry doesn't exist.