ONTAP System Manager is not accessible after renewing the cluster certificate with SAML enabled
Applies to
- ONTAP 9
- OnCommand System Manager
Issue
System Manager SAML authentication fails with a message that the username or password is incorrect after the cluster certificate has been renewed.
Errors similar to the following may be seen in the cluster's apache_error log:
[Wed Apr 14 19:54:34.665695 2021 +0000] [dot:error] [pid 21325:tid 34376587776] [client xx.xx.xx.xx:60901] [vserver ID 4294967295] [service security] Denied access to user '<saml_user>', application 'http', auth method 'cert'.
[Wed Apr 14 19:54:34.665713 2021 +0000] [authz_core:error] [pid 21325:tid 34376587776] [client xx.xx.xx.xx:60901] AH01631: user <saml_user>: authorization failure for "/security/login":
When checking the SAML configuration on the cluster, the service provider table has no entry:
cluster1::> security saml-sp show
This table is currently empty.
Note: Cluster logs can be downloaded using the SPI. See KB How to manually collect logs and copy files from a clustered Data ONTAP storage system for more information.
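As an added example that is not part of this KB, the following Python script scans collected apache_error log lines for the pattern quoted above, pairing each "auth method 'cert'" denial from the dot module with the AH01631 authorization failure raised on the same thread for the same client. The sample log lines, client addresses and user names are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the apache_error entries quoted in the KB;
# the client addresses and user names are placeholders, not real values.
SAMPLE_LOG = """\
[Wed Apr 14 19:54:34.665695 2021 +0000] [dot:error] [pid 21325:tid 34376587776] [client 192.0.2.10:60901] [vserver ID 4294967295] [service security] Denied access to user 'saml_user', application 'http', auth method 'cert'.
[Wed Apr 14 19:54:34.665713 2021 +0000] [authz_core:error] [pid 21325:tid 34376587776] [client 192.0.2.10:60901] AH01631: user saml_user: authorization failure for "/security/login":
[Wed Apr 14 19:55:01.000000 2021 +0000] [dot:error] [pid 21325:tid 34376587776] [client 192.0.2.11:60902] [vserver ID 4294967295] [service security] Denied access to user 'admin', application 'http', auth method 'password'.
"""

# Common prefix: [timestamp] [module] [pid N:tid N] [client host:port]
PREFIX = (r"^\[(?P<ts>[^\]]+)\] \[(?P<module>[^\]]+)\] \[pid (?P<pid>\d+):tid (?P<tid>\d+)\] "
          r"\[client (?P<client>[^\]]+)\] ")
DENIED_RE = re.compile(
    PREFIX + r"\[vserver ID (?P<vserver>\d+)\] \[service (?P<service>[^\]]+)\] "
    r"Denied access to user '(?P<user>[^']+)', application '(?P<app>[^']+)', "
    r"auth method '(?P<method>[^']+)'\.$")
AUTHZ_RE = re.compile(
    PREFIX + r"AH01631: user (?P<user>\S+): authorization failure for \"(?P<path>[^\"]+)\":?$")


@dataclass
class SamlCertDenial:
    ts: str
    client: str
    user: str
    path: str


def find_saml_cert_denials(log_text: str) -> list[SamlCertDenial]:
    """Return each 'cert' denial for the http application that is followed by an
    AH01631 authorization failure on the same thread and client. Password denials
    (ordinary bad logins) are deliberately ignored."""
    pending: dict[tuple[str, str], re.Match] = {}  # (tid, client) -> denial match
    found: list[SamlCertDenial] = []
    for line in log_text.splitlines():
        if m := DENIED_RE.match(line):
            if m["app"] == "http" and m["method"] == "cert":
                pending[(m["tid"], m["client"])] = m
            continue
        if (m := AUTHZ_RE.match(line)) and (d := pending.pop((m["tid"], m["client"]), None)):
            found.append(SamlCertDenial(d["ts"], d["client"], d["user"], m["path"]))
    return found


if __name__ == "__main__":
    for hit in find_saml_cert_denials(SAMPLE_LOG):
        print(f"{hit.ts}: user {hit.user!r} from {hit.client} denied on {hit.path}; "
              "check 'security saml-sp show' for an empty table")
```

A hit from this scan together with an empty `security saml-sp show` table matches the symptom this KB describes.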