
ONTAP System Manager is not accessible after renewing the cluster certificate with SAML enabled

Category: oncommand-system-manager
Specialty: OM

Applies to

  • ONTAP 9
  • OnCommand System Manager

Issue

After the cluster certificate is renewed, System Manager SAML authentication fails with a message that the username or password is incorrect.
Errors similar to the following may be seen in the cluster's apache_error log:

[Wed Apr 14 19:54:34.665695 2021 +0000] [dot:error] [pid 21325:tid 34376587776] [client xx.xx.xx.xx:60901] [vserver ID 4294967295] [service security] Denied access to user '<saml_user>', application 'http', auth method 'cert'.

[Wed Apr 14 19:54:34.665713 2021 +0000] [authz_core:error] [pid 21325:tid 34376587776] [client xx.xx.xx.xx:60901] AH01631: user <saml_user>: authorization failure for "/security/login":

When checking SAML on the cluster, there is no entry:

cluster1::> security saml-sp show
This table is currently empty.

Note: Cluster logs can be downloaded using the SPI. See the KB article "How to manually collect logs and copy files from a clustered Data ONTAP storage system" for more information.
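
To triage a downloaded apache_error log for this symptom, the following added example (not NetApp tooling and not part of the original article) pairs each 'cert' auth-method denial with the AH01631 failure on "/security/login" from the same pid, tid and client. The function names, the one-second window and the sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the apache_error lines shown above
# (client addresses, user names and the unrelated third line are made up).
SAMPLE_LOG = """\
[Wed Apr 14 19:54:34.665695 2021 +0000] [dot:error] [pid 21325:tid 34376587776] [client 192.0.2.10:60901] [vserver ID 4294967295] [service security] Denied access to user 'jdoe', application 'http', auth method 'cert'.
[Wed Apr 14 19:54:34.665713 2021 +0000] [authz_core:error] [pid 21325:tid 34376587776] [client 192.0.2.10:60901] AH01631: user jdoe: authorization failure for "/security/login":
[Wed Apr 14 19:55:02.100000 2021 +0000] [authz_core:error] [pid 21400:tid 34376587999] [client 192.0.2.11:51000] AH01631: user admin: authorization failure for "/security/login":
"""

LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<mod>\w+):(?P<lvl>\w+)\] "
    r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] \[client (?P<client>[^\]]+)\] (?P<msg>.*)$")
DENY = re.compile(r"Denied access to user '(?P<user>[^']*)', application 'http', auth method 'cert'")
AUTHZ = re.compile(r'AH01631: user (?P<user>[^:]+): authorization failure for "/security/login"')

def parse_ts(text):
    # e.g. "Wed Apr 14 19:54:34.665695 2021 +0000"
    return datetime.strptime(text, "%a %b %d %H:%M:%S.%f %Y %z")

def find_saml_cert_denials(log_text, window=timedelta(seconds=1)):
    """Return (timestamp, user, client) for each 'cert' denial that is followed
    by an AH01631 failure on /security/login from the same worker and client."""
    pending = {}   # (pid, tid, client, user) -> time of the dot:error denial
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an apache_error line in the expected layout
        key_base = (m["pid"], m["tid"], m["client"])
        ts = parse_ts(m["ts"])
        deny = DENY.search(m["msg"])
        if m["mod"] == "dot" and deny:
            pending[key_base + (deny["user"],)] = ts
            continue
        authz = AUTHZ.search(m["msg"])
        if m["mod"] == "authz_core" and authz:
            start = pending.pop(key_base + (authz["user"],), None)
            if start is not None and ts - start <= window:
                hits.append((start.isoformat(), authz["user"], m["client"]))
    return hits

if __name__ == "__main__":
    for ts, user, client in find_saml_cert_denials(SAMPLE_LOG):
        print(f"{ts} user={user} client={client}: cert-method denial on /security/login")
```

A match only shows the log signature from this article; confirm the condition with `security saml-sp show` as described above.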

 


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.