
SAML Bug

Hello All,

I've just created a new SAML Group login and I'm using the fully distinguished name from AD. I'm only doing this because when I used the CN name it would not let me log in to SolarWinds with the SAML group name. Weirdly, when I use the fully distinguished name it crashes SolarWinds, telling me it cannot use commas, but as you can see below it's created the group but with no editable permissions. So I can log in read-only to SolarWinds.

I think I've found a bug!

pastedImage_0.png

Here is the group (below) that is created despite the obvious error above. When I try to edit the permissions it comes up with the above error again.

pastedImage_2.png

Any ideas how to fix this?

  • Hello folks!
    This "bug" is still alive... Maybe not a bug, but clearly SolarWinds does not expect the full CN name in groups configured in the web interface.

    Our project is being affected by this. We're using a proprietary SAML application that we cannot change or modify in any aspect. All groups a person belongs to are sent in full CN name and there is no way to add them in the SW interface.

    I opened a case with support. Let's see what they can tell about it. I will post the results here as soon as I have them.

  • Update:
    The case is still open. Support has acknowledged the bug but did not provide an ETA for a fix, or a workaround.
    I insisted that I need to manage authorization using SAML groups, and asked again for a workaround.

    Our directory sends the full group DN in the SAML assertion, like "cn=groupname,ou=groups,o=site.com", and SolarWinds can't use this string as a rule for authorization, as the interface won't accept the commas.

    Maybe a simple workaround would be to compare groups in SolarWinds with only part of the group names. So instead of an exact match for the group, an additional option to create a "group containing string <groupName>" would suffice.
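
The post above suggests matching on part of the group name when the assertion carries full DNs such as "cn=groupname,ou=groups,o=site.com". As an added example (not SolarWinds code and not from the thread), this sketch compares a "contains string" rule with an exact match on the DN's leading CN, to show which DNs each rule would authorize. The group name `nms-admins` and the sample DNs are constructed.

```python
def split_rdns(dn):
    """Split a DN into RDN strings on unescaped commas (RFC 4514 backslash escapes).
    Simplification: hex escapes such as \\2C and multi-valued RDNs are not decoded."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def leading_cn(dn):
    """Return the lower-cased CN of the first RDN, or None if the DN does not start with cn=."""
    attr, sep, value = split_rdns(dn.strip())[0].partition("=")
    if not sep or attr.strip().lower() != "cn":
        return None
    return value.strip().lower()

def exact_cn_match(dn, group):
    # Authorize only when the group's own CN equals the configured name.
    return leading_cn(dn) == group.lower()

def substring_match(dn, group):
    # The "group containing string" rule: true for any DN that contains the name.
    return group.lower() in dn.lower()

# Constructed sample DNs in the shape quoted in the post above.
SAMPLE_DNS = [
    "cn=nms-admins,ou=groups,o=site.com",
    "cn=not-nms-admins,ou=groups,o=site.com",
    "cn=helpdesk,ou=nms-admins,o=site.com",
    "cn=nms-admins\\, emea,ou=groups,o=site.com",
]

def compare(group, dns=SAMPLE_DNS):
    """Return (dn, exact, substring) for each DN."""
    return [(dn, exact_cn_match(dn, group), substring_match(dn, group)) for dn in dns]

if __name__ == "__main__":
    for dn, exact, sub in compare("nms-admins"):
        print(f"exact={exact!s:5} substring={sub!s:5} {dn}")
```

Only the first DN passes the exact CN rule; the substring rule also admits the other three, including a group whose parent OU merely shares the name.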


