Question

Enable operator provisioning using model operator is not working in SAMLSSO Pega 8.1

- It's working fine if the operator ID is already present in the system.

- It's failing for a new user.

SAML response looks good.

The message below is shown in the browser once it returns from the IDP:

"No failure response set by custom authentication activity"

Below is the log printed for the same:

2018-09-10 12:40:59,661 [http-nio-8080-exec-9] [ STANDARD] [ ] [ ] ( sso.saml.SAMLResponseHandler) ERROR |127.0.0.1|RelayStateID: eafa6386-7874-4641-a626-de50b45cff2f :RelayStateID - Failed while executing the SAML auth flow.
com.pega.pegarules.pub.PRRuntimeException: Unable to derive attribute (CSModelOperator) from SAML assertion for operator establishment

***Updated by moderator: Lochan to remove PI***

Correct Answer
September 11, 2018 - 2:52am

Passing the model operator ID in double quotes ("CSModelOperator") solved my issue.

Comments

Pega
September 10, 2018 - 12:04pm

Hi,

Looks like it failed to create a new operator from the given model operator. Do you have a model operator configured? How did you configure it in the Auth service rule form?

Thanks,

Santhosh

 

September 10, 2018 - 11:25pm

Hi pandj,

Did you map your identity provider attributes to PEGA attributes on your SAML authentication service --> "Mapping" tab?

I mapped uid <-> .pyUserIdentifier

where uid is my Identity provider attribute and .pyUserIdentifier is the OOTB PEGA attribute.

You need to track if "uid" is part of your SAML payload.

 

Pega
September 11, 2018 - 2:52am

Passing the model operator ID in double quotes ("CSModelOperator") solved my issue.
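An added example, not part of the original thread and not Pega code: a small offline check that lists which attributes a captured SAMLResponse actually carries, covering both the "is uid in the payload" check and the quoting fix discussed above. The `resolve` helper is hypothetical and assumes, from the error message and the accepted fix, that an unquoted value is looked up as an assertion attribute while a double-quoted value is taken as a literal; the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not from the thread): it carries "uid" only.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid">
        <saml:AttributeValue>new.user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def assertion_attributes(saml_response_b64):
    """Return {attribute name: [values]} from a base64 SAMLResponse (POST binding)."""
    # Offline inspection of a captured response; no signature or condition checks.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def resolve(field, attrs):
    """Hypothetical resolver: quoted value is a literal, bare value names an attribute."""
    if len(field) >= 2 and field[0] == field[-1] == '"':
        return field[1:-1]
    if not attrs.get(field):
        raise LookupError(f"Unable to derive attribute ({field}) from SAML assertion")
    return attrs[field][0]


if __name__ == "__main__":
    attrs = assertion_attributes(SAMPLE_B64)
    print("attributes in assertion:", sorted(attrs))
    for field in ("uid", '"CSModelOperator"', "CSModelOperator"):
        try:
            print(f"{field!r} -> {resolve(field, attrs)!r}")
        except LookupError as exc:
            print(f"{field!r} -> ERROR: {exc}")
```

Run against a real capture, any name configured without quotes that is missing from the printed attribute list is a candidate for the "Unable to derive attribute" failure.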

August 23, 2019 - 3:35am
Response to pandj

Useful info.