Unable to create user on the fly.
Summary
The user is unable to create an operator on the fly after setting up SAML-based SSO integration. The setup uses the OOTB activity pySAMLWebSSOAuthenticationActivity, which in turn calls the OOTB activity pyEstablishOperatorContext to create an operator on the fly. The activity pyEstablishOperatorContext fails even when org/div/unit is specified on the mapping tab of the SAML authentication service.
Error Messages
Unable to process the SAML WebSSO Request : Unable to open an instance using the given inputs: pxObjClass = %22Data-Admin-OrgUnit%22, pyOrganization = %22%22, pyOrgDivision = %22%22, pyorgUnit = %22%22
ERROR - Error while executing the Authentication Service activity : Unable to open an instance using the given inputs: pxObjClass = "Data-Admin-OrgUnit", pyOrganization = "", pyOrgDivision = "", pyOrgUnit = ""
Steps to Reproduce
Not Applicable
Root Cause
A software use or operation error. We enabled debug logging on the class com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils because the original error did not have any stack trace associated with it.
After analyzing the SAML response attribute map, it was evident that the attribute mapping was wrong for the following properties: pyOrganization, pyOrgUnit, pyOrgDivision.
After correcting the attribute names for the above-mentioned properties to match the SAML response, the issue was resolved.
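The check described above can be reproduced offline against a captured assertion. The following is an added example, not Pega code or part of the original article: the assertion fragment, the attribute names in it and both mappings are constructed, and exact string comparison of attribute names is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (attribute names are assumptions).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Organization">
      <saml:AttributeValue>ExampleOrg</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Division">
      <saml:AttributeValue>ExampleDiv</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="Unit">
      <saml:AttributeValue>ExampleUnit</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Operator property -> attribute name configured in the mapping (constructed).
WRONG_MAPPING = {"pyOrganization": "organization",
                 "pyOrgDivision": "OrgDivision", "pyOrgUnit": "OrgUnit"}
FIXED_MAPPING = {"pyOrganization": "Organization",
                 "pyOrgDivision": "Division", "pyOrgUnit": "Unit"}

def assertion_attributes(xml_text):
    """Return {attribute Name: first AttributeValue text} from an assertion."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        value = attr.find("saml:AttributeValue", SAML_NS)
        text = value.text if value is not None else None
        attrs[attr.get("Name")] = (text or "").strip()
    return attrs

def resolve_mapping(mapping, xml_text):
    """Resolve each mapped property; a name absent from the assertion yields ""."""
    attrs = assertion_attributes(xml_text)
    return {prop: attrs.get(name, "") for prop, name in mapping.items()}

def unresolved(mapping, xml_text):
    """Properties that would reach the org unit lookup empty, as in the error."""
    resolved = resolve_mapping(mapping, xml_text)
    return sorted(p for p, v in resolved.items() if not v)
```

With the wrong mapping, all three properties resolve to empty strings, which matches the empty pyOrganization, pyOrgDivision and pyOrgUnit values in the error message.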
Published November 22, 2016 - Updated November 29, 2016