IBM Support

User authentication failing after enable SAML

Troubleshooting


Problem

You configured Security Assertion Markup Language (SAML) for single sign-on (SSO) to the Cloud Pak for Data web client. But post configuration user authentication is failing. The "usermgmt" pod shows error "Invalid property: cert must not be empty". 
$ oc logs usermgmt-67f85b474f-mvv62

========== Creating file system directories for 999/admin user ==========
========== File system directories for 999/admin in place ==========
========== Begin user-home setup necessary for usermgmt ==========
>> Setting up metakey
>> Setting up jwt certificates
>> Loading jwt certificates from the existing /user-home/_global_/config/jwt
========== user-home setup necessary for usermgmt completed successfully ==========
========== Verifying product license ==========
Previous license found
********************** zen license information ************************
 * License type             : Permanent
 * License expiry date      :
 * License status           : Active
********************************************************************************
/usr/src/server-src/node_modules/passport-saml/lib/passport-saml/saml.js:28
    throw new Error('Invalid property: cert must not be empty');
    ^

Error: Invalid property: cert must not be empty
    at SAML.initialize (/usr/src/server-src/node_modules/passport-saml/lib/passport-saml/saml.js:28:11)
    at new SAML (/usr/src/server-src/node_modules/passport-saml/lib/passport-saml/saml.js:18:23)
    at new Strategy (/usr/src/server-src/node_modules/passport-saml/lib/passport-saml/strategy.js:28:16)
    at Object.passportInit (/usr/src/server-src/controllers/Authutils.js:696:20)
    at Object.<anonymous> (/usr/src/server-src/index.js:45:13)
    at Module._compile (internal/modules/cjs/loader.js:1085:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
    at Module.load (internal/modules/cjs/loader.js:950:32)
    at Function.Module._load (internal/modules/cjs/loader.js:791:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSHGYS","label":"IBM Cloud Pak for Data"},"ARM Category":[{"code":"a8m3p000000UoRmAAK","label":"Authentication-\u003ESecret"}],"ARM Case Number":"TS005647081","Platform":[{"code":"PF040","label":"Red Hat OpenShift"}],"Version":"All Versions"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
16 July 2023

UID

ibm16453971

Page Feedback