My Oracle Support Banner

Error "The signed in user <EMAIL> is not assigned to a role for the application" on Single-Sign On (SSO) Login Page (Doc ID 2510729.1)

Last updated on FEBRUARY 08, 2021

Applies to:

Instantis EnterpriseTrack Cloud Service - Version 18.11 and later
Information in this document applies to any platform.

Symptoms

When attempting to Access Instantis after changing Single-Sign On (SSO) providers, the initial testing results the following error(s) occurs.

ERRORS

Message from Customer Identity Provider (IdP)

Sorry, but we're having trouble signing you in.
The signed in user "<EMAIL>" is not assigned to a role for the application


EnterpriseTrack Error

There was an error while trying to log you into the system or you do not have permission to access the system.
Please try again.
Error: ...

Browser Session Log EnterpriseTrack ViewDebugLog

:security.WebServerAuthentication:AUDIT: {< In get remote user; mapping is {"*"={"hostnames"={"0"="*"},"authtype"="*"}} >}
:security.WebServerAuthentication:AUDIT: {< In get remote user; account is instantis/biomarin >}
:security.WebServerAuthentication:AUDIT: {< No getRemoteUser() return; trying userPrincipal >}
:security.WebServerAuthentication:AUDIT: {< Bailing because of null remoteuser >}


STEPS to Verify

  1. Metadata has been provided on both the client side and Oracle Side
  2. Metadata has been placed and servers restarted.
  3. Users with Authentication Mode set to SSO have attempted to access as IdP set up and as expected on the customer side.

    Result(s):

Test 1. The initial error
          "The signed in user "<EMAIL>" is not assigned to a role for the application."
Test 2. Additional testing with changing the "Login ID" field in Instantis to select results with:
          "There was an error while trying to log you into the system or you do not have permission to access the system.
           Please try again. Error: ..."
ViewDebugLog:

           The ViewDebugLog, no matter how the test was conducted all had the same messages as noted above.  Nothing was generated capturing the individual authentication as expected. 
           Assistance in using the Instantis EnterpriseTrack ViewDebugLog: SRDC: How To Create A ViewDebugLog in Instantis EnterpriseTrack (Doc ID 1552938.1)

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.