SAML Bug

Hello All,

I've just created a new SAML Group login and I'm using the fully distinguished name from AD. I'm only doing this because when I used the CN name it would not let me log in to SolarWinds with the SAML group name. Weirdly, when I use the fully distinguished name it crashes SolarWinds, telling me it cannot use commas, but as you can see below it's created the group but with no editable permissions. So I can log in read-only to SolarWinds.

I think I've found a bug!

pastedImage_0.png

Here is the group (below) that is created despite the obvious error above. When I try to edit the permissions it comes up with the above error again.

pastedImage_2.png

Any ideas how to fix this?

  •  Did you find a solution to this? I have this issue now.
    I was able to modify the SQL DB to give it rights, but don't trust everyone doing that when a new group has to be added.

  • We rebuilt the F5s and re-added the integration again and this resolved it for us. Bit of a long one. We did also upgrade SolarWinds to remediate against issues and I can now add groups properly. So I'm not entirely sure what fixed it.

  • Hello folks!
    This "bug" is still alive... Maybe not a bug, but clearly SolarWinds does not expect the full CN name in groups configured in the web interface.

    Our project is being affected by this. We're using a proprietary SAML application that we cannot change or modify in any aspect. All groups a person belongs to are sent in full CN name and there is no way to add them in the SW interface.

    I opened a case with support. Let's see what they can tell us about it. I will post the results here as soon as I have them.

  • Can you share the support case number with me?

  • Update:
    The case is still open. Support has acknowledged the bug but did not provide an ETA for a fix, or a workaround.
    I insisted that I need to manage authorization using SAML groups, and asked again for a workaround.

    Our directory sends the full group DN in the SAML assertion, like "cn=groupname,ou=groups,o=site.com", and SolarWinds can't use this string as a rule for authorization, as the interface won't accept the commas.

    Maybe a simple workaround would be to compare groups in SolarWinds with only part of the group names. So instead of an exact match for the group, an additional option to create a "group containing string <groupName>" would suffice.
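
Added example (not part of any post in this thread, and not SolarWinds code): the group value quoted in the update above is a DN, so an authorization rule can be compared against it RDN by RDN. The function names, the sample DNs and the case-insensitive comparison are assumptions; a "containing string" rule is included alongside to show that it also matches other groups whose names share the fragment.

```python
# Added example: exact matching of group DNs received in a SAML assertion.
# Function names and sample DNs are constructed for illustration.

def split_rdns(dn):
    """Split a DN on unescaped commas (RFC 4514 uses backslash escapes)."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def normalize_dn(dn):
    """Lower-case and trim each RDN (assumes case-insensitive attributes)."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        rdns.append(f"{attr.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def exact_match(asserted_dns, rule_dn):
    """True only if one asserted group DN equals the rule DN, RDN by RDN."""
    wanted = normalize_dn(rule_dn)
    return any(normalize_dn(dn) == wanted for dn in asserted_dns)


def contains_match(asserted_dns, fragment):
    """The 'group containing string' idea: substring test on the raw DN."""
    return any(fragment.lower() in dn.lower() for dn in asserted_dns)


# Constructed values in the DN form quoted in the thread.
ASSERTED = ["CN=noc-readonly, OU=groups, O=site.com"]
ADMIN_RULE = "cn=noc,ou=groups,o=site.com"

if __name__ == "__main__":
    print("contains 'noc':", contains_match(ASSERTED, "noc"))
    print("exact DN match:", exact_match(ASSERTED, ADMIN_RULE))
```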



  • Today I had a conference with SolarWinds support. 
    The specialist acknowledged the "commas in group names" bug and commented that there is a fix planned for that. He could not tell when exactly it will be released but at least there is a plan. 
    He also told me that he would link the support ticket with the bug ticket, which is nice and could speed up the release of a fix. THIS is the page where we can look for new versions and what they fix.

    The workaround is to create the group with commas anyway (like "cn=groupname,ou=groups,o=site.com"), then ignore the bug and change the permissions for that group directly in the database (SolarWindsOrion.Accounts). Some are very intuitive: 
    - AllowAdmin
    - AllowNodeManagement
    - AllowMapManagement
    - AllowCustomize, etc

    I am happy with this workaround, as I can implement this in the server and it will be transparent to users.

  • That's good news! Sounds like we might have a fix at some point then...