Logging in with ADFS Loops back to Login Screen

Article ID: 416626

Updated On:

Products

Carbon Black EDR

Issue/Introduction

When logging into the EDR server through ADFS, you are looped back to the login screen. 

  • Browser URL shows 
    https://<servername>/#login?err_code=%282%2C%29
  • /var/log/cb/coreservices/debug.log shows the following error. 
    <info> saml2.response - Subject NameID: None
    <err> cb.flask.blueprints.api_routes_saml - SSO assertion auth failure
    Traceback (most recent call last):
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/cb/flask/blueprints/api_routes_saml.py", line 560, in saml_assertion
      File "/usr/share/cb/virtualenv/lib/python3.10/site-packages/cb/flask/blueprints/api_routes_saml.py", line 207, in handle_assertion
    AttributeError: 'NoneType' object has no attribute 'text'

Environment

  • Carbon Black EDR: All Versions
  • ADFS

Cause

The Relying Party Trust claim policy is missing Name ID as an outgoing claim.

Resolution

The Relying Party Trust claim policy needs to be updated to send the "SAM-Account-Name" attribute through the "Name ID" outgoing claim.
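To confirm the cause before changing the claim policy, and to verify the fix afterwards, the following added example (not Carbon Black or ADFS code) checks a captured SAMLResponse for a Subject NameID. It assumes the response was captured from the browser's HTTP-POST form field as base64-encoded XML; the function name and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def name_id_from_response(saml_response_b64):
    """Return the Subject NameID text of a base64 SAMLResponse, or None if absent.

    Diagnostic only: no signature, audience or time-condition validation is done.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # An encrypted assertion cannot be inspected without the SP private key.
    if root.find("./saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; decrypt it before inspecting")
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    # Check for the missing element explicitly: calling .text on None is the
    # AttributeError shown in debug.log.
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()

def _sample(subject_inner):
    # Constructed, unsigned sample response (not real ADFS output).
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        "<saml:Assertion><saml:Subject>" + subject_inner + "</saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

CONFIRM = '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>'
# Claim policy without a Name ID outgoing claim: Subject has no NameID element.
WITHOUT_NAME_ID = _sample(CONFIRM)
# Claim policy sending SAM-Account-Name as Name ID ("jdoe" is a made-up account).
WITH_NAME_ID = _sample("<saml:NameID>jdoe</saml:NameID>" + CONFIRM)

if __name__ == "__main__":
    for label, resp in (("before fix", WITHOUT_NAME_ID), ("after fix", WITH_NAME_ID)):
        nid = name_id_from_response(resp)
        print(label, "->", nid or "no NameID: claim policy is not issuing Name ID")
```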

Additional Information

Recommended Relying Party Trust Claims for SSO Integration with ADFS