SAML authentication fails due to missing name identifier claim rule
Applies to
- ONTAP System Manager 9.3 and later
- Security Assertion Markup Language (SAML)
Issue
The NameIdentifier claim rule is missing on the IdP server.
Web UI error:
No issue logging in. You may get lucky with login
- Cluster shibd.log:
00000030.00039c10 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth.SessionCache [2] [default]: new session created: ID (_5f8d9ac7ca4d3005e527e81c89cd0cc7) IdP (http://adfs2/adfs/services/trust) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (ADFS_Server)
00000030.00039c11 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: New session (ID: _5f8d9ac7ca4d3005e527e81c89cd0cc7) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: ADFS_Server) with (NameIdentifier: none) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _31a175d6-109d-489e-ac00-d34ebcc5a0ff)
00000030.00039c12 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: Cached the following attributes with session (ID: _5f8d9ac7ca4d3005e527e81c89cd0cc7) for (applicationId: default) {
00000030.00039c13 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: ^Iuid (1 values)
00000030.00039c14 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: }
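To confirm this condition on a cluster, shibd.log can be scanned for sessions that were created with (NameIdentifier: none), together with the attributes that were cached for them. The script below is an added example, not NetApp or Shibboleth code: the function name is an assumption, the first five sample lines are the excerpt above, and the last line is constructed for contrast.

```python
import re

# "New session" transaction line: session ID, IdP, NameIdentifier, AssertionID.
NEW_SESSION = re.compile(
    r"Shibboleth-TRANSACTION .*?New session \(ID: (?P<sid>[^)]+)\).*?"
    r"\(IdP: (?P<idp>[^)]+)\).*?\(NameIdentifier: (?P<nameid>[^)]*)\)"
    r".*?\(AssertionID: (?P<assertion>[^)]+)\)")
CACHED = re.compile(r"Cached the following attributes with session \(ID: (?P<sid>[^)]+)\)")
# Attribute lines start with a tab, rendered as "^I" in the excerpt.
ATTR = re.compile(r"\]: (?:\^I|\t)\s*(?P<name>\S+) \(\d+ values?\)")

# Lines 1-5: excerpt from this page. Line 6: constructed session that has a NameID.
SAMPLE_LOG = """\
00000030.00039c10 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth.SessionCache [2] [default]: new session created: ID (_5f8d9ac7ca4d3005e527e81c89cd0cc7) IdP (http://adfs2/adfs/services/trust) Protocol(urn:oasis:names:tc:SAML:2.0:protocol) Address (ADFS_Server)
00000030.00039c11 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: New session (ID: _5f8d9ac7ca4d3005e527e81c89cd0cc7) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: ADFS_Server) with (NameIdentifier: none) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _31a175d6-109d-489e-ac00-d34ebcc5a0ff)
00000030.00039c12 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: Cached the following attributes with session (ID: _5f8d9ac7ca4d3005e527e81c89cd0cc7) for (applicationId: default) {
00000030.00039c13 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: ^Iuid (1 values)
00000030.00039c14 073559fe Tue Nov 17 2020 11:15:16 -05:00 [kern_shibd:info:59302] INFO Shibboleth-TRANSACTION [2] [default]: }
[constructed] INFO Shibboleth-TRANSACTION [2] [default]: New session (ID: _constructed_session_with_nameid) with (applicationId: default) for principal from (IdP: http://adfs2/adfs/services/trust) at (ClientAddress: ADFS_Server) with (NameIdentifier: admin@example.com) using (Protocol: urn:oasis:names:tc:SAML:2.0:protocol) from (AssertionID: _constructed_assertion)
"""

def find_sessions_without_nameid(log_text):
    """Return sessions logged without a NameID, plus the attributes cached for each."""
    sessions, current = {}, None
    for line in log_text.splitlines():
        m = NEW_SESSION.search(line)
        if m:
            sessions[m["sid"]] = {**m.groupdict(), "attributes": []}
            continue
        m = CACHED.search(line)
        if m:
            current = sessions.get(m["sid"])  # start of this session's attribute block
            continue
        m = ATTR.search(line)
        if m and current is not None:
            current["attributes"].append(m["name"])
        elif line.rstrip().endswith("]: }"):
            current = None                    # end of the attribute block
    return [s for s in sessions.values() if s["nameid"].strip().lower() in ("", "none")]

if __name__ == "__main__":
    for s in find_sessions_without_nameid(SAMPLE_LOG):
        print(f"session {s['sid']} from IdP {s['idp']}: no NameIdentifier, "
              f"assertion {s['assertion']}, cached attributes: {s['attributes']}")
```

A hit that shows cached attributes such as uid but no NameIdentifier points at the IdP claim rules rather than at attribute release in general.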