After Logging Into the Carbon Black Console and SSO Redirected Back to the Console Without Being Logged In

Article ID: 389864

Products

  • Carbon Black Cloud Enterprise EDR
  • Carbon Black Cloud Endpoint Standard

Issue/Introduction

  • SAML has been set up, and logging in to the Console with an email address at the corresponding console location returns the user to the login screen
  • After the AuthHub migration and a confirmed SSO login, the site redirects the user back to the console without being logged in to Carbon Black
  • The user is redirected to an access.broadcom login screen that waits for a broadcom.com user login

Environment

  • Carbon Black Cloud Console: All Supported Versions
  • SAML Provider: All Supported Versions

Cause

This can happen for multiple reasons, including the wrong attributes or certificate being passed, or an incorrect IdP issuer URI.

Resolution

  1. Reproduce the issue while generating a .HAR file
  2. Open the .HAR file in a text editor and search for INVALID_REQUEST, which contains the error message with additional formatting around it, such as % characters
  3. Refer to the section below that matches the error message found
    • If there is a Claim Error, the email name that AuthHub expects may differ from the one being sent. Check the ATTRIBUTE STATEMENTS for OKTA or the Claim Name for Azure, since these pass the email values used for authentication
    • If there is a Certificate Error, export the SAML Metadata and provide it to support so that the SAML certificate can be updated on the backend
    • A 'login name mismatch violation' can occur if the SAML provider sends a different email than the one used on the CBC login page
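
Steps 2 and 3 can be scripted instead of searching the file by eye. The following is an added example, not Carbon Black or Broadcom code: it walks the standard HAR 1.2 fields, decodes the % formatting around INVALID_REQUEST, and maps the message to the three cases above. The sample capture, its parameter names, the message wording and `capture.har` are constructed assumptions.

```python
import json
from urllib.parse import unquote

MARKER = "INVALID_REQUEST"
# Error keywords and follow-ups taken from the resolution list above.
NEXT_STEP = {
    "claim": "check the email attribute statement (OKTA) or claim name (Azure)",
    "certificate": "export the SAML metadata and provide it to support",
    "login name mismatch": "compare the IdP email with the email typed at login",
}

def load_har(path):
    with open(path, encoding="utf-8-sig") as fh:  # HAR exports may carry a BOM
        return json.load(fh)

def candidate_strings(entry):
    """Yield (field, text) for the HAR 1.2 fields that can carry the error."""
    req, resp = entry.get("request", {}), entry.get("response", {})
    yield "request.url", req.get("url") or ""
    yield "response.redirectURL", resp.get("redirectURL") or ""
    for header in resp.get("headers", []):
        if header.get("name", "").lower() == "location":
            yield "response.headers.Location", header.get("value") or ""
    yield "response.content.text", resp.get("content", {}).get("text") or ""

def find_invalid_request(har, context=160):
    """Return decoded snippets around each INVALID_REQUEST in a parsed HAR."""
    hits = []
    for index, entry in enumerate(har.get("log", {}).get("entries", [])):
        for field, raw in candidate_strings(entry):
            text = unquote(raw.replace("+", " "))  # undo the % formatting
            pos = text.find(MARKER)
            if pos != -1:
                message = text[pos:pos + context]
                advice = [s for k, s in NEXT_STEP.items() if k in message.lower()]
                hits.append({"entry": index, "field": field,
                             "message": message, "next_step": advice})
    return hits

# Constructed sample: the parameter names and message wording are assumptions.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://console.example.invalid/login"}, "response": {}},
    {"request": {"url": "https://idp.example.invalid/acs"},
     "response": {"redirectURL": "https://console.example.invalid/login?error="
                  "INVALID_REQUEST&detail=login%20name%20mismatch%20violation",
                  "headers": [], "content": {}}},
]}}

if __name__ == "__main__":
    for hit in find_invalid_request(SAMPLE_HAR):  # or load_har("capture.har")
        print(hit)
```

A .HAR capture of a login contains session cookies and the SAML response, so analyse it locally and share it only with support.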

Additional Information

  • In some circumstances the SAMLResponse from the .HAR file can be used for additional troubleshooting
  • Being sent to access.broadcom.com without being logged in could be due to a browser cache issue or to no email being sent by the SAML Provider
  • Confirm that the correct steps for the SAML Provider are being used; see the steps for Azure and OKTA