Symantec DLP SAML authentication fails
search cancel

Symantec DLP SAML authentication fails


Article ID: 205291


Updated On:


Data Loss Prevention Enforce


You are trying to implement SAML authentication in your environment but for users, it is failing. 

The Tomcat localhost log has this error message:

21 Sep 2020 12:50:36,770- Thread: 124 WARNING [com.vontu.login.spring.VontuSAMLUserDetailsService] Authentication failed: SAML IDP user id 'xxxxxx' is not found in Enforce
21 Sep 2020 12:50:36,786- Authentication request failed: User lookup failed

In the "Enforce Console > System > Login Management > DLP Users > Configure DLP User" page there is no entry in the Single Sign On Mapping field, it is blank.


Release: 15.7 and later. 

Component: Enforce authentication


A Syntax error in the springSecurityContext.xml file can cause this issue. 


The problem in this particular instance was that in configuring the springSecurityContext.xml file a capital ‘N’ was used instead of a lowercase ‘n’ for the nameID which caused the mapping to fail.

For example here is the incorrect configuration: 

And here is the correct configuration: 

Once the syntax has been corrected restart the Symantec DLP Manager service and verify that you can now see in the user's account the SAML Single Sign On Mapping -> User Email field for the user's email: 


Additional Information

We can also use the default template (springSecurityContext-SAML) from this location:

<install drive>:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\tomcat\webapps\ProtectManager\security\template

  • This will ensure no unknown editing damages by using this file.
  • Edit this template for SAML authentication as required.
  • Rename this file as springSecurityContext.xml
  • Place it at <install drive>:\Program Files\Symantec\DataLossPrevention\EnforceServer\<version>\Protect\tomcat\webapps\ProtectManager\WEB-INF
  • Restart the DLP manager service.