Support Article

Unable to create user on the fly.

SA-30707

Summary



The user is unable to create an operator on the fly after setting up SAML-based SSO integration. The setup uses the OOTB activity pySAMLWebSSOAuthenticationActivity, which in turn calls the OOTB activity pyEstablishOperatorContext to create an operator on the fly. The pyEstablishOperatorContext activity fails even when org/div/unit is specified in the SAML Authentication service mapping tab.


Error Messages



Unable to process the SAML WebSSO Request : Unable to open an instance using the given inputs: pxObjClass = %22Data-Admin-OrgUnit%22, pyOrganization = %22%22, pyOrgDivision = %22%22, pyorgUnit = %22%22

ERROR  - Error while executing the Authentication Service activity : Unable to open an instance using the given inputs: pxObjClass = "Data-Admin-OrgUnit", pyOrganization = "", pyOrgDivision = "", pyOrgUnit = "" 

 


Steps to Reproduce



Not Applicable


Root Cause



A software use or operation error. We enabled debug logging on the class com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils because the original error did not have a stack trace associated with it.

After analyzing the SAML response attribute map, it was evident that the attribute mapping was wrong for the following properties: pyOrganization, pyOrgUnit, pyOrgDivision.

 

Resolution





After correcting the attribute names for the above-mentioned properties to match the SAML response, the issue was resolved.
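
The mismatch described under Root Cause and Resolution can be checked offline against a captured SAML response. The following is an added example, not Pega code: the assertion XML, the attribute names in it, and the WRONG/FIXED mapping dictionaries are constructed for illustration; only the three property names come from the article.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not from the article). For responses from an
# untrusted source, use a hardened XML parser instead of the stdlib one.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Organization">
      <saml:AttributeValue>ExampleOrg</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Division">
      <saml:AttributeValue>ExampleDiv</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Unit">
      <saml:AttributeValue>ExampleUnit</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def response_attributes(xml_text):
    """Return {attribute Name: [values]} from every AttributeStatement."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(mapping, xml_text):
    """Classify each mapped property as 'ok', 'missing' or 'empty'."""
    attrs = response_attributes(xml_text)
    result = {}
    for prop, name in mapping.items():
        if name not in attrs:            # names are compared exactly here
            result[prop] = "missing"
        elif not any(attrs[name]):       # present, but no non-blank value
            result[prop] = "empty"
        else:
            result[prop] = "ok"
    return result

# Hypothetical mapping-tab contents: property -> SAML attribute name.
WRONG = {"pyOrganization": "organization", "pyOrgDivision": "Div", "pyOrgUnit": "Unit"}
FIXED = {"pyOrganization": "Organization", "pyOrgDivision": "Division", "pyOrgUnit": "Unit"}

if __name__ == "__main__":
    for label, m in (("wrong", WRONG), ("fixed", FIXED)):
        print(label, check_mapping(m, SAMPLE_ASSERTION))
```

A property reported as "missing" or "empty" would reach operator creation with a blank value, which matches the empty pyOrganization, pyOrgDivision and pyOrgUnit keys in the error above.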

 

 

Published November 22, 2016 - Updated November 29, 2016
