AuthHub SAML - One Login - Your user has not been assigned a role. Please contact your CloudHealth administrator.

Article ID: 376369


Products

CloudHealth

Issue/Introduction

After migrating from SAML to AuthHub SAML with One Login as the Identity Provider, users who attempt to sign in may receive "Your user has not been assigned a role. Please contact your CloudHealth administrator.", even though this did not occur before the migration.

This is due to differences in how the old Service Provider for SSO and the new Service Provider for SSO handle attributes as they're passed in the SAML assertion. It can be resolved by updating the existing "roles" claim rule within your One Login SAML application.

Resolution

To resolve the issue, sign in to the One Login Administration Portal and follow these steps:

  1. Navigate to the Administration section.



  2. Select Applications across the top nav and then the Applications option within the dropdown.




  3. Select the SAML application and navigate to the Parameters section.



  4. Delete your existing "roles" claim from this section. We will re-add it with changes that allow the new SSO service provider to parse multiple values in the claim correctly.



  5. Recreate the roles claim, ensuring that both of the options below are selected, then hit Save.



  6. Select User Roles in the first dropdown, and then select Semicolon Delimited Input (Multi-value output) in the second dropdown. Hit Save.



  7. Finally, save the changes you've made to the SAML application using the option in the top right section.

  8. Attempt to sign in as the user that previously received "Your user has not been assigned a role. Please contact your CloudHealth administrator." and verify that the sign-in now completes successfully.
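
To confirm the change from step 6 before retesting sign-in, you can inspect the "roles" attribute in a decoded SAML response captured from your own sign-in attempt. The following is an added example, not part of the original article or of any CloudHealth or One Login tooling. It assumes that the multi-value output option emits one `AttributeValue` element per role, whereas a single-value claim carries the whole semicolon-joined string in one element; the role names and sample assertions are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def inspect_roles(saml_xml, attr_name="roles"):
    """Classify how attr_name is emitted in a decoded SAML response or assertion.

    Diagnostic only: it does not verify the signature, so run it solely on a
    response you captured from your own sign-in.
    """
    root = ET.fromstring(saml_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") != attr_name:
            continue
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        values = [v for v in values if v]
        if not values:
            return "empty", []
        if any(";" in v for v in values):
            # Several roles packed into one element: the claim is still
            # being sent as a single delimited string.
            return "delimited-single-value", values
        return ("multi-value" if len(values) > 1 else "single-role"), values
    return "missing", []


def _assertion(attribute_values):
    """Build a minimal constructed assertion carrying a "roles" attribute."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>"
                   for v in attribute_values)
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:AttributeStatement><saml:Attribute Name="roles">'
            f"{vals}</saml:Attribute></saml:AttributeStatement></saml:Assertion>")


# Constructed samples; "ch-admin" and "ch-viewer" are hypothetical role names.
SINGLE = _assertion(["ch-admin;ch-viewer"])
MULTI = _assertion(["ch-admin", "ch-viewer"])

if __name__ == "__main__":
    for label, xml in (("single-value claim", SINGLE), ("multi-value claim", MULTI)):
        print(label, "->", inspect_roles(xml))
```

A `multi-value` verdict matches the shape the reconfigured claim is assumed to produce; `delimited-single-value` or `missing` indicates the Parameters change has not taken effect for that user.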