Skip to content
Snippets Groups Projects
Unverified Commit e0af193a authored by Jeff Bruemmer's avatar Jeff Bruemmer Committed by GitHub
Browse files

docs - SAML troubleshooting (#19667)

parent 8a2d75ba
No related branches found
No related tags found
No related merge requests found
......@@ -65,3 +65,7 @@ Next, in the Auth0 Addon: SAML2 Web App popup, click on the **Usage** tab and th
The "SAML Application Name" value can be left as the default (Metabase).
Save your settings, then [enable SAML](authenticating-with-saml.md) in Metabase, and you should be good to go!
## Troubleshooting
For common issues, see our [SAML troubleshooting page][../troubleshooting-guide/saml.md).
......@@ -9,41 +9,32 @@ Problems, their causes, how to detect them, and how to fix them.
### Installation
- [Running the Metabase JAR][running].
- [Running Metabase on Docker][docker].
- [Using or migrating from an H2 application database][appdb].
### Authentication
- [Setting up LDAP][ldap].
- [LDAP][ldap].
- [SAML][sam].
- [People can't log in to Metabase][login].
### Permissions
- [Fixing permissions issues][permissions].
- [Managing data sandboxing][sandbox].
### Data Sources
- [Connecting to data warehouses with Metabase][datawarehouse].
- [I can't see my tables][cant-see-tables].
- [Fixing missing or out-of-sync tables and columns][sync-fingerprint-scan].
### Questions and dashboards
- [Saving questions or dashboards][proxies].
- [My dashboard is slow][slow-dashboard].
- [The dates and times in my questions and charts are wrong][incorrect-times].
- [My dashboard filters don't work][filters].
- [My dashboard's linked filters don't work][linked-filters].
### Email and alerts
......@@ -107,6 +98,7 @@ Metabase adds new features and squashes bugs with each release. [Upgrading to th
[running]: ./running.html
[safari]: https://support.apple.com/guide/safari-developer/develop-menu-dev39df999c1/mac
[server-logs]: ./server-logs.html
[saml]: ./saml.md
[sandbox]: ./sandboxing.html
[slow-dashboard]: ./my-dashboard-is-slow.html
[sync-fingerprint-scan]: ./sync-fingerprint-scan.html
......
# Troubleshooting SAML authentication setup
{% include plans-blockquote.html feature="SAML authentication" %}
Some common problems when setting up SAML.
## Is the entity or issuer ID correct?
After filling out the authentication form with your identity provider, you're taken back to Metabase but it throws an error. To see the error, go to **Admin settings** > **Troubleshooting** > **Logs**. You'll see an error that says something like **Incorrect response <issuer>**.
**Root cause**: Your entity or issuer ID is incorrect.
**Steps to take**:
1. You should have received an XML file of metadata from your identity provider. Open that metadata file, and look for the correct issuer or entity ID. This ID is a unique identifier for the identity provider. Depending on your provider, this usually looks something like http://www.example.com/141xkex604w0Q5PN724v.
2. Copy that ID.
3. Go to **Admin settings** > **Settings** > **Authentication** > **SAML** and enter the issuer or entity ID into the **SAML Identity Provider Issuer** field in Metabase.
## Is the SAML identity provider certificate value correct?
After filling out the authentication form with your identity provider, you go back to Metabase but it throws an error. Go to **Admin settings** > **Troubleshooting** > **Logs**. You'll see an error that says something like **Invalid assertion error <issuer>**.
**Root cause**: The certificate value you entered is incorrect.
**Steps to take**:
1. You should have received an XML file from your identity provider. Open that metadata file, and check to make sure the certificate you inputted is correct.
2. Go to **Admin settings** > **Settings** > **Authentication** > **SAML**. Check that the certificate that you entered into the **SAML Identity Provider Certificate** field matches the certificate in the XML file you got from your identity provider. Depending on your provider, you might need to download this, open it in a text editor, then copy and paste the certificate's contents into the field.
## Searching for private key and found a null
This error will only occur if you're using **Signed SSO requests**. That is, in Metabase, you've filled out the fields in the configuration section in **Admin settings** > **Settings** > **Authentication** > **SAML** > **Signed SSO requests**. Those fields are:
- **SAML Keystore Path**: the absolute path to the Keystore file to use for signing SAML requests.
- **SAML Keystore Password**: the password for opening the keystore.
- **SAML Keystore Alias**: the alias for the key that Metabase should use for signing SAML requests.
**Root cause**: The certificate in the keystore file does not have a private key.
**Steps to take**:
1. Add a certificate with a private key to your keystore.
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment