HTTP 500 Error During SAML Authentication for Specific User Group on Avi Controller

Article ID: 409224

Products

VMware Avi Load Balancer

Issue/Introduction

  • Users belonging to a specific group receive an HTTP 500 error when attempting to log in to the Avi Controller using SAML authentication.

Cause

  • This issue occurs because a local user account with the same username as the SAML user exists on the Avi Load Balancer (LB). In this scenario, the local user takes precedence over the SAML user during authentication. 
  • Because these accounts may have different roles or permissions, the conflict results in an HTTP 500 error. The following log trace is observed:
    2025-08-18T18:22:28.318Z        D  1546921      utils/auth_rules.go:784  [T-ID=#####] AUTH RULES <SAML> User object local, no access update.

Resolution

To resolve this issue:

  • Identify and delete any local users on the Avi LB that share usernames with users authenticating via SAML.
  • After removing conflicting local users, affected users should be able to successfully authenticate using their SAML credentials without encountering errors.
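
One way to carry out the identification step offline, as an added example that is not VMware's own tooling: it looks for the trace quoted above in controller log lines and lists local accounts whose usernames collide with identity-provider usernames. The user-record shape (`username`, `local`), the IdP name list and the sample data are assumptions constructed for illustration; case-variant matches are reported separately because the article does not say whether the comparison is case-sensitive.

```python
import json
import re

# Pattern built from the single trace line quoted in this article.
TRACE_RE = re.compile(
    r"^(?P<ts>\S+)\s+[A-Z]\s+\d+\s+utils/auth_rules\.go:\d+\s+"
    r"\[T-ID=(?P<tid>[^\]]*)\]\s+"
    r"AUTH RULES <SAML> User object local, no access update\.")

def find_trace_hits(log_lines):
    """Return (timestamp, T-ID) for each line carrying the local-user SAML trace."""
    hits = []
    for line in log_lines:
        m = TRACE_RE.match(line.strip())
        if m:
            hits.append((m.group("ts"), m.group("tid")))
    return hits

def find_collisions(controller_users, idp_usernames):
    """Return (exact matches, case-variant matches) among local accounts."""
    idp_exact = set(idp_usernames)
    idp_folded = {u.casefold(): u for u in idp_usernames}
    exact, case_variant = [], []
    for user in controller_users:
        if not user.get("local"):
            continue  # only a local account can shadow a SAML user
        name = user["username"]
        if name in idp_exact:
            exact.append(name)
        elif name.casefold() in idp_folded:
            case_variant.append((name, idp_folded[name.casefold()]))
    return sorted(exact), sorted(case_variant)

# Constructed sample data (assumed export shape, not real controller output).
SAMPLE_USERS = json.loads("""[
  {"username": "admin",  "local": true},
  {"username": "jdoe",   "local": true},
  {"username": "ASmith", "local": true},
  {"username": "mlee",   "local": false}
]""")
SAMPLE_IDP = ["jdoe", "asmith", "mlee", "kwong"]
SAMPLE_LOG = [
    "2025-08-18T18:22:28.318Z        D  1546921      utils/auth_rules.go:784  "
    "[T-ID=#####] AUTH RULES <SAML> User object local, no access update.",
    "2025-08-18T18:22:29.100Z        I  1546921      utils/auth_rules.go:101  "
    "[T-ID=#####] constructed unrelated line",
]

if __name__ == "__main__":
    print("trace hits:", find_trace_hits(SAMPLE_LOG))
    print("collisions:", find_collisions(SAMPLE_USERS, SAMPLE_IDP))
```

Exact matches are the accounts the resolution above says to delete; case-variant matches are listed for manual review only.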

Additional Information

  • Avoid creating local user accounts with usernames identical to those used by your identity provider for SAML authentication.
  • Local users take precedence over SAML-authenticated users if both exist with the same username.