Investigating SAML Authentication Issues for VMware Aria Operations for Application.

Avatar
Chery Legendre
Follow

This article applies to:

• SAML Authentications

• Product edition: All

• Feature Category: Access/Authentication

 

Problem Description:

Investigating SAML Authentication Issues for VMware Aria Operations for Application.

 

Background:
What is SAML?
Security assertion markup language (SAML) is an authentication process
SAML Single Sign-On is a mechanism that leverages SAML allowing users to log on to multiple web applications after logging into the identity provider. As the user only has to log in once, SAML SSO provides a faster, seamless user experience.

A Service Provider (SP) is the entity providing the service, typically in the form of an application.
An Identity Provider (IDP) is the entity providing the identities, including the ability to authenticate a user.
See Link below for Planning-for-saml for additional information.

 

Error Messages/Messages
Workspace ONE error screens.

Error Message 1 - Failed to look up subscriptions to resource.

SAML-FailedtoLookupSubscription.jpg

Error Message 2 - No application found
SAML-NoApplicationFound.jpg

 

Note: The preceding log excerpts/Messages are only examples. Date, time and environmental variables may vary depending on your environment.

 

Investigation:

To find the SAML error message and determine at which layer the authentication is failing, the Service Provider or Identity Provider level, we will use the browser extension "SAML Message Decoder".  

 

1)  Download and install a SAML Message Decoder extension for your type of web browser.
Note you may need to work with your Chrome setting to enable the extension.

 

2) Launch SAML Message Decoder


SAML-Decorder.jpg

 

3) Login to the Aria Operations for Application to generate the error for review

 

We see here the authentication is not getting past the Service Provider layer  ie WorkspaceOne.  

If this is true for your case please have the customer open a ticket with their local  helpdesk to investigate permissions issues at the WorkspaceOne level.

 

SAML-Decorder-Failed.jpg

 

A successful connection will look similar to this.

SAML-Decorder-Sucess.jpg

 

Next Action:

If investigating of this issue you find that the authentication is failing on Aria Application level please document the SAML Response details and post a question in Slack Channel  #tobs-devops

 

See also:

To learn more about the SAML technology please see the below links.

Planning for SAML - https://developer.okta.com/docs/concepts/saml/#planning-for-saml

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Powered by Zendesk