
SAML SSO configuration fails in DX NetOps Performance Management


Article ID: 226893


Updated On:


CA Performance Management - Usage and Administration DX NetOps


I set up SAML authentication in our development environment. This is what's happening:

  1. Redirection to the IDP works.
  2. Login to the IDP works.
  3. Redirection back to Performance Center results in PC displaying: "Error Authenticating: SAML Authentication Failed". See screenshot below.
  4. In the sso/logs/wrapper-20211022.log I only see these messages logged.

ERROR | qtp1867272179-21         | 2021-10-22 09:08:37,495 | common.sso.saml2.UserAssertionService
Receive StatusCode: urn:oasis:names:tc:SAML:2.0:status:Responder. Message:


This error message seen in the SSOService.log files reveals the cause. It's only seen when debug for SAML is enabled (see Additional Information section below).



All supported DX NetOps Performance Management releases


The "Name ID Format" setting in the IDP needs to be set to "username".

Additional Information

Enabling debug for SAML2 issues.

  1. Go to http://<PC_Hostname>:8381/sso/webservices/admin/debug
  2. Log in using the default admin user and its password.
    1. Click on Logs
    2. Click on Runtime Configuration
  3. In the "Add/Update a logging category" fields:
    1. In Category Name add "common.saml2". Description can be left blank. Set Level to DEBUG. Hit the Add button.
    2. In Category Name add "common.sso.saml2". Description can be left blank. Set Level to DEBUG. Hit the Add button.
  4. Reproduce the attempted SAML login that fails.
  5. Logging will be written to the SSO Service SSOService.log and wrapper-<date>.log files in the (default path) /opt/CA/PerformanceCenter/sso/logs. Review those logs or share them with support for analysis.
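
For reviewing the logs from step 5, the following is an added example (not Broadcom tooling and not part of the original article) that pulls non-Success SAML status codes out of log text. It assumes the `LEVEL | thread | timestamp | category` layout shown in the excerpt above; the function name `find_saml_failures` and the first two sample lines are constructed for illustration.

```python
import re

# Top-level SAML 2.0 status codes (SAML Core, section 3.2.2.2).
SAML_STATUS = {
    "Success": "request succeeded",
    "Requester": "error on the requester (service provider) side",
    "Responder": "error on the responder (IdP) side; review the IdP configuration",
    "VersionMismatch": "SAML version of the request is not supported",
}
# Assumed layout, taken from the excerpt: LEVEL | thread | timestamp | category
HEADER = re.compile(
    r"^(?P<level>[A-Z]+)\s*\|\s*(?P<thread>\S+)\s*\|\s*"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s*\|\s*"
    r"(?P<category>\S+)\s*(?P<rest>.*)$"
)
STATUS = re.compile(
    r"StatusCode:\s*urn:oasis:names:tc:SAML:2\.0:status:(?P<code>\w+)"
    r"\.?\s*Message:\s*(?P<msg>.*)"
)

# First two lines are constructed; the last two are the excerpt from the article.
SAMPLE_LOG = """\
INFO  | qtp0000000000-20         | 2021-10-22 09:08:30,101 | example.constructed.Category
Constructed informational line with no status code
ERROR | qtp1867272179-21         | 2021-10-22 09:08:37,495 | common.sso.saml2.UserAssertionService
Receive StatusCode: urn:oasis:names:tc:SAML:2.0:status:Responder. Message:
"""

def find_saml_failures(lines):
    """Return one dict per non-Success SAML status, tied to its log header."""
    findings, header = [], None
    for line in lines:
        m = HEADER.match(line.rstrip("\n"))
        if m:
            header = m.groupdict()
        # The status text may sit on the header line or on the line after it.
        text = header["rest"] if m else line
        s = STATUS.search(text)
        if s and header and s.group("code") != "Success":
            code = s.group("code")
            findings.append({
                "timestamp": header["ts"], "category": header["category"],
                "status": code, "message": s.group("msg").strip(),
                "hint": SAML_STATUS.get(code, "unrecognised status code"),
            })
    return findings

if __name__ == "__main__":
    for f in find_saml_failures(SAMPLE_LOG.splitlines()):
        print(f["timestamp"], f["category"], f["status"], "-", f["hint"])
```

A `Responder` status means the IdP itself rejected or could not complete the request, which is consistent with the fix above being made on the IdP side.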