Support Article
Unable to create user on the fly.
SA-30707
Summary
The user is unable to create an operator on the fly after setting up SAML-based SSO integration. The integration uses the out-of-the-box (OOTB) activity pySAMLWebSSOAuthenticationActivity, which in turn calls the OOTB activity pyEstablishOperatorContext to create the operator on the fly. The pyEstablishOperatorContext activity fails even when org/div/unit is specified on the mapping tab of the SAML Authentication service.
Error Messages
Unable to process the SAML WebSSO Request : Unable to open an instance using the given inputs: pxObjClass = %22Data-Admin-OrgUnit%22, pyOrganization = %22%22, pyOrgDivision = %22%22, pyorgUnit = %22%22
ERROR - Error while executing the Authentication Service activity : Unable to open an instance using the given inputs: pxObjClass = "Data-Admin-OrgUnit", pyOrganization = "", pyOrgDivision = "", pyOrgUnit = ""
Steps to Reproduce
Not Applicable
Root Cause
A software use or operation error. We enabled debug logging on the class com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils because the original error had no stack trace associated with it.
After analyzing the SAML response attribute map, it was evident that the attribute mapping was wrong for the following properties: pyOrganization, pyOrgUnit, pyOrgDivision.
Resolution
After the attribute names for the above-mentioned properties were corrected to match the SAML response, the issue was resolved.
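The comparison behind this fix can be scripted. The sketch below is an added example, not Pega code: it lists the attribute names a captured SAML assertion actually carries and reports every mapped operator property that would resolve to an empty string. The assertion, the attribute names and the mapping are constructed samples, and exact, case-sensitive name matching is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned assertion. ElementTree is adequate for a
# response you captured yourself; it is not a hardened parser for untrusted XML.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="organization"><saml:AttributeValue>ExampleOrg</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="division"><saml:AttributeValue>ExampleDiv</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="orgUnit"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>
"""

# Constructed mapping: operator property -> attribute name typed into the service.
CONFIGURED_MAPPING = {
    "pyOrganization": "Organization",    # wrong case
    "pyOrgDivision": "Division_Name",    # name the IdP never sends
    "pyOrgUnit": "orgUnit",              # present, but the value is empty
}

def response_attributes(assertion_xml):
    """Return {attribute name: [non-empty values]} from the AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return attrs

def check_mapping(assertion_xml, mapping):
    """Return {property: problem} for each mapped property that would end up ""."""
    attrs = response_attributes(assertion_xml)
    by_lower = {name.lower(): name for name in attrs}
    problems = {}
    for prop, name in mapping.items():
        if name in attrs:
            if not attrs[name]:
                problems[prop] = f"attribute '{name}' is present but empty"
        elif name.lower() in by_lower:
            problems[prop] = f"case mismatch: response sends '{by_lower[name.lower()]}'"
        else:
            problems[prop] = f"attribute '{name}' not in response"
    return problems

if __name__ == "__main__":
    for prop, problem in check_mapping(SAMPLE_ASSERTION, CONFIGURED_MAPPING).items():
        print(f"{prop}: {problem}")
```

An empty result means every mapped property has a matching, non-empty attribute in the response.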
Published November 30, 2016 - Updated October 8, 2020