Error: "Invalid Username or Password" and "User Was Not Found During Attribute Based Authentication Using NameID Mapping for Name Identifier" After Configuring Federated Identity (SAML)

(Doc ID 2264422.1)

Last updated on MAY 12, 2017

Applies to:

Primavera P6 Enterprise Project Portfolio Management Cloud Service - Version 15.2.0.0 and later
Information in this document applies to any platform.

Symptoms

After configuring Federated Identity using SAML (reference "Enabling Federated Identity Single Sign-On (SSO) Through SAML 2.0 For Primavera Products Hosted In Oracle Cloud (Doc ID 2087067.1)"), the following error occurs after authenticating to the Identity Provider (IdP):

ERROR
----------
Invalid Username or Password

Note: The error above is displayed on an Oracle Access Manager login page, after the IdP has authenticated the user and directed the response back to the service provider (SP).


When this issue occurs, the following error is logged to the SP Oracle Access Manager log files:

ERROR
----------
TIMESTAMP <Warning> <oracle.security.fed.eventhandler.fed.profiles.sp.sso.assertion.Saml20AssertionProcessor> <FED-15108>
<User was not found during attribute based authentication using NameID mapping for name identifier: $NAMEID_SENT_FROM_IDP name identifier format : urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified and message : $SAML RESPONSE>
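
As an added example (not part of the Oracle document), the following Python script extracts the NameID and NameID format from FED-15108 warnings so the values the IdP actually sent can be reviewed per account. The record layout is assumed from the entry shown above; the timestamps, names and message placeholder in the sample log are constructed.

```python
import re
from collections import Counter

# Layout assumed from the entry shown above: a header line ending in
# <FED-15108>, followed by a <...> message that may wrap across lines.
FED_15108 = re.compile(
    r"<FED-15108>\s*<User was not found during attribute based "
    r"authentication using NameID mapping for name identifier:\s*"
    r"(?P<nameid>.*?)\s+name identifier format\s*:\s*(?P<fmt>\S+)"
    r"\s+and message\s*:",
    re.DOTALL,
)

def failed_nameids(log_text):
    """Count FED-15108 warnings per (NameID, NameID format) pair."""
    return Counter((m["nameid"], m["fmt"])
                   for m in FED_15108.finditer(log_text))

# --- Constructed sample data (not taken from a real system) ---
LOGGER = ("oracle.security.fed.eventhandler.fed.profiles.sp.sso."
          "assertion.Saml20AssertionProcessor")
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def _record(ts, nameid):
    """Build one constructed FED-15108 record in the two-line layout."""
    return (f"{ts} <Warning> <{LOGGER}> <FED-15108>\n"
            "<User was not found during attribute based authentication "
            f"using NameID mapping for name identifier: {nameid} "
            f"name identifier format : {FMT} "
            "and message : [constructed placeholder]>\n")

SAMPLE_LOG = (
    _record("T1", "jdoe@example.com")
    + "T2 <Notice> <example.logger> <EXAMPLE-0000>\n<unrelated entry>\n"
    + _record("T3", "Jane Doe")
    + _record("T4", "jdoe@example.com")
)

if __name__ == "__main__":
    for (nameid, fmt), n in failed_nameids(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {nameid!r}  format={fmt}")
```

To run it against a real SP log, pass the file's text to `failed_nameids()` in place of `SAMPLE_LOG`.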


STEPS TO DUPLICATE
1. Open a browser and connect to a cloud URL configured for Federated Identity.
2. Note the redirection which occurs to the IdP.
3. Note the redirection which occurs back to the Service Provider. Instead of redirecting to the application, an Oracle Access Manager page displays the error noted above.

Changes

 

Cause
