EDR: ADFS SSO Login Fails With Unknown User Error

Article ID: 289643

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • SSO login shows "unknown user" error.
  • coreservices/debug.log shows: 
    <warning> cb.flask.blueprints.api_routes_saml - <username> authenticated but not authorized based on 'authorized' param: False.

Environment

  • EDR: All versions
  • ADFS: All versions

Cause

The user is not in the correct user group in AD.

Resolution

Ask the AD administrator to confirm that the user logging in is a member of the correct group.

Additional Information

Group mapping is defined in /etc/cb/sso/attr_map.py.

For example:
    if any( 'CB_Admin' in role for role in roles ):
        result["authorized"] = True
        result["builtin_roles"] = ["global_admin",]
    elif any( 'CB_Users' in role for role in roles ):
        result["authorized"] = True

That means the user must be in either the CB_Admin group or the CB_Users group in AD.
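
The checks above, reproduced as a stand-alone script for testing group lists outside the server (an added example, not the product's attr_map.py; the function names, the default of "authorized": False and the sample group lists are assumptions). It shows which group lists produce the "not authorized" result, and that the `in` test is a substring match, so it also accepts any group whose name merely contains CB_Admin or CB_Users; map_exact is a stricter variant.

```python
# Added example: stand-alone reproduction of the group checks shown above.
# Function names, the default result and the sample group lists are
# assumptions made for illustration, not taken from the product.

def map_substring(roles):
    """Same tests as the article's snippet: 'in' is a substring match."""
    result = {"authorized": False, "builtin_roles": []}
    if any("CB_Admin" in role for role in roles):
        result["authorized"] = True
        result["builtin_roles"] = ["global_admin"]
    elif any("CB_Users" in role for role in roles):
        result["authorized"] = True
    return result


def group_name(role):
    """Return the group name from a plain name or a DN such as CN=x,OU=y."""
    first = role.split(",")[0].strip()
    return first[3:] if first.upper().startswith("CN=") else first


def map_exact(roles):
    """Stricter variant: the group name must equal CB_Admin or CB_Users."""
    names = {group_name(role) for role in roles}
    result = {"authorized": False, "builtin_roles": []}
    if "CB_Admin" in names:
        result["authorized"] = True
        result["builtin_roles"] = ["global_admin"]
    elif "CB_Users" in names:
        result["authorized"] = True
    return result


# Constructed sample group lists, as they might arrive in the SAML assertion.
SAMPLES = {
    "no CB group (the error in this article)": ["Domain Users", "VPN_Users"],
    "member of CB_Users": ["Domain Users", "CB_Users"],
    "CB_Admin given as a DN": ["CN=CB_Admin,OU=Groups,DC=example,DC=com"],
    "similarly named group": ["Domain Users", "CB_Admin_Auditors"],
}

if __name__ == "__main__":
    for label, roles in SAMPLES.items():
        print(label, map_substring(roles), map_exact(roles))
```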