Skip to main content

Question

 Craig Armstead (CraigA52)
Virgin Media

Virgin Media
GB
CraigA52 Member since 2017 48 posts
Virgin Media
Posted: 2 days 18 hours ago
Last activity: 2 days 18 hours ago
Posted: 5 Feb 2025 5:06 EST
Last activity: 5 Feb 2025 5:10 EST

SAML Logging

Hi All,

I need the ability to log the user trying to log in via SAML (Okta in our case) when they have either no account within Pega or the Username being sent doesn't match what we have in Pega without enabling Category logging for com.pega.pegarules.integration.engine.internal.auth.saml.SAMLResponseHandler.  As this logs everything for everyone.

We are seeing a lot of users complaining as they are seeing this message when trying to log in

Unable to derive operator from SAML assertion

How can this be achieved?  Preferably OOTB way of doing it.

Thanks Craig

To see attachments, please log in.
Pega Platform 8.8.2
Pega Platform
Security
Communications and Media
System/Cloud Ops Administrator

  • Reply
Posted: 2 days ago
Posted: 5 Feb 2025 5:10 EST
Craig Armstead (CraigA52)
Virgin Media

Virgin Media
GB

I should mention we are using the option "Name identifier in the subject" which is working just fine for most people. 

So its not a Pega configuration issue.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice