Introduction
This document describes various aspects of Single Sign-On (SSO) configuration and their effects on CloudCenter 4.8.X.
Users that Use SSO have an Account with a Null First or Last Name
CloudCenter allows SSO accounts to be created without a First or Last name. These users are able to log in and deploy as usual. However, sharing applications or resources is likely to be affected, because the screen used to search for users in the UI does not return any results due to the Null values.
This can occur when the IDP allows a user to be created with Null values (some SSO users will have Null names, while others show the correct name), or when the First or Last Name attribute configured in CloudCenter does not match between the IDP and SP.
SSO Fails with Browser and Shows "Server encountered an error"
CCM logs show:
Error setting entityId for <IDP Name>. Using default discovery
org.opensaml.saml2.metadata.provider.MetadataProviderException: Metadata provider has not been initialized
This error is associated with missing Identity Provider (IDP) metadata. CloudCenter allows the IDP metadata to be provided either as a metadata file directly or as a metadata URL. If the URL is not valid or not reachable, or the file is missing or corrupted, an error similar to this occurs.
"NameID Element must be present as part of the subject in the response message, enable it in the IDP configuration"
This error means that CloudCenter expects the IDP to return the email address as a "NameID". The CloudCenter SSO Documentation provides the steps to configure this via ADFS (Step 22 is the relevant portion).
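
As an added example (not part of the original document or of CloudCenter), this Python check reads a decoded SAML 2.0 response and reports the two conditions described above: a Subject without a NameID, and First or Last Name attributes that are absent or empty. The attribute names givenName and sn and the sample response are constructed assumptions; substitute the names configured in your SP.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_response(xml_text, first_attr, last_attr):
    """List problems in a decoded SAML Response. Diagnostic only: no signature checks."""
    if "<!DOCTYPE" in xml_text:  # SAML messages never need a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML message")
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion in Response"]
    problems = []
    # The SP expects the email address as NameID inside Subject.
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing from Subject")
    # Collect the first value of every attribute the IDP actually sent.
    values = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        v = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (v.text or "").strip() if v is not None else ""
    # first_attr / last_attr: names mapped in the SP configuration (assumed here).
    for label, name in (("First", first_attr), ("Last", last_attr)):
        if name not in values:
            problems.append(f"{label} Name attribute '{name}' not sent by IDP")
        elif not values[name]:
            problems.append(f"{label} Name attribute '{name}' is empty")
    return problems

# Constructed sample: Subject has no NameID and the "sn" attribute is empty.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="givenName"><saml:AttributeValue>Ana</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="sn"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "givenName", "sn"):
        print(problem)
```

An attribute reported as "not sent by IDP" points to a name mismatch between the IDP and SP, while "is empty" points to a user created with Null values at the IDP.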