Symantec DLP SAML authentication fails
search cancel

Symantec DLP SAML authentication fails


Article ID: 205291


Updated On:


Data Loss Prevention Enforce


We are trying to implement SAML authentication in our environment but for users it is failing. 

In the Tomcat localhost log we encountered this error message:

21 Sep 2020 12:50:36,770- Thread: 124 WARNING [com.vontu.login.spring.VontuSAMLUserDetailsService] Authentication failed: SAML IDP user id '[email protected]' is not found in Enforce
21 Sep 2020 12:50:36,786- Authentication request failed: User lookup failed

In the Enforce console page we checked the user account and found there was no details under the Single Sign On Mapping, it was blank.


Release : 15.7 and later. 

Component : Enforce authentication


Syntax error in the springSecurityContext.xml file may cause this issue. 


The problem in this particular instance was that in configuring the springSecurityContext.xml file the use of a capital ‘N’ was used instead of a lower case ‘n’ for the nameID which caused the mapping to fail.

For example here is the incorrect configuration: 

and here is the correct configuration: 

Once the syntax has been corrected restart the Symantec DLP Manger service and verify now you can see in the user's account the SAML Single Sign On Mapping -> User Email field for the user's email: 

Then tested the SAML authentication to confirm if it works as expected.

Additional Information

We can also use the default template (springSecurityContext-SAML) from this location:

C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\webapps\ProtectManager\security\template

  • This will ensure no unknown editing damages by using this file.
  • Edit this template for SAML authentication as required.
  • Rename this file as springSecurityContext.xml
  • Place it at C:\Program Files\Symantec\DataLossPrevention\EnforceServer\15.8.00000\Protect\tomcat\webapps\ProtectManager\WEB-INF
  • Restart the DLP manager service.