SES 400 General_Nonsuccess while logging with SAML configured

Article ID: 278023


Products

Endpoint Security Complete

Issue/Introduction

You have configured an IdP in the SES integration for SAML 2.0 authentication to the console.

After testing the integration, you run into the error when logging in:

Environment

ICDm / SES cloud console with IdP configured:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-security/sescloud/Administrators,-Passwords,-and-Authentication/configuring-a-saml-2-0-based-identity-provider-for-v131783916-d4161e9772.html

Cause

One of the possible causes of the failure is using the attribute's FriendlyName in the IdP attribute mapping instead of its Name.

Resolution

The recommended approach is to capture a HAR file while reproducing the issue.

https://knowledge.broadcom.com/external/article/205795/how-to-generate-har-file.html

Check the SAML assertion and compare it against the configured attribute map. Ensure that the attribute names in the assertion match the ones configured in the map, and if there are any discrepancies, fix the names in the map in accordance with the assertion.

Make sure not to use the friendly name. Example of the attribute line and names from the assertion:

<saml2:Attribute FriendlyName='friendly_name_mail' Name='example_ID'

Do not use 'friendly_name_mail' but 'example_ID'.
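The comparison described above, written as an added example (not Broadcom's code): it parses the base64-decoded SAML assertion taken from the HAR file, lists each attribute's Name and FriendlyName, and flags any entry in a hypothetical console attribute map that matches only a FriendlyName. The sample assertion and the map values are constructed.

```python
"""Check a configured SAML attribute map against the attributes in an assertion."""
import xml.etree.ElementTree as ET

SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample assertion (hypothetical values), as it looks after
# base64-decoding the SAMLResponse form field captured in the HAR file.
SAMPLE_ASSERTION = f"""<saml2:Assertion xmlns:saml2="{SAML2_NS}">
  <saml2:AttributeStatement>
    <saml2:Attribute FriendlyName="friendly_name_mail" Name="example_ID">
      <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute FriendlyName="given_name" Name="firstName">
      <saml2:AttributeValue>Jane</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def assertion_attributes(xml_text):
    """Return {Name: FriendlyName} for every saml2:Attribute in the assertion."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for el in root.iter(f"{{{SAML2_NS}}}Attribute"):
        attrs[el.get("Name")] = el.get("FriendlyName")
    return attrs

def check_attribute_map(configured, xml_text):
    """Classify each configured map value: 'ok' when it is an attribute Name,
    'friendly_name' when it only matches a FriendlyName (the misconfiguration
    this article describes), 'missing' when the assertion has no such attribute."""
    attrs = assertion_attributes(xml_text)
    friendly_to_name = {f: n for n, f in attrs.items() if f}
    result = {}
    for field, value in configured.items():
        if value in attrs:
            result[field] = "ok"
        elif value in friendly_to_name:
            result[field] = f"friendly_name (use '{friendly_to_name[value]}')"
        else:
            result[field] = "missing"
    return result

if __name__ == "__main__":
    # Hypothetical console map: the email field wrongly uses the FriendlyName.
    configured_map = {"email": "friendly_name_mail", "first_name": "firstName"}
    for field, verdict in check_attribute_map(configured_map, SAMPLE_ASSERTION).items():
        print(f"{field}: {verdict}")
```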

Additional Information

If you cannot log in to the console because of the misconfigured SAML, sign in to the console using the direct link: https://us.securitycloud.symantec.com/oidc/authorize?okta_admin_flow=1