{question}
How can I use XML output from SAML Chrome Panel to troubleshoot Managed Service Okta SSO Connections?
{question}
{answer}
Troubleshooting Steps
1) Follow the steps in the Troubleshoot SSO Connections guide.
2) Once you've followed the guide and have an XML file from the SAML Chrome Panel (or equivalent browser extension) confirm the following are true:
-
Confirm the endpoint is correct for your Identity Provider configuration.
egrep -o 'Destination=?("(.*?)")' saml-output.xml
Destination="https://auth.singlestore.com/auth/realms/memsql/broker/YOUR-DOMAIN-NAME.com/endpoint"
-
- "YOUR-DOMAIN-NAME.com" needs to be your fully-qualified domain name, not just "your_domain_name".
-
Confirm Name ID format is set to
“persistent”
.
egrep -o 'NameID Format=?("(.*?)")' saml-output.xml
NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
- Confirm the SSO assertions for email, first name, and last name that match the Configure SingleStore SSO using Okta documentation.
egrep -o 'NameFormat=?("(.*?)")' saml-output.xml
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
{answer}