
Cannot Log In to Axon Using SSO

When you enable Single Sign-On (SSO), users can log in to Axon using login credentials that are common to other applications in your organization. Axon uses SSO to authenticate users based on the Identity Provider (IDP) credentials.
If users cannot log in to Axon using SSO, perform the following tasks:

Verify the SSO Settings

Make sure that you have configured the SSO settings correctly. For SSO configurations, refer to Configure Single Sign-On.
  1. In the IDP, make sure that Axon is configured as a SAML 2.0 application.
  2. In the IDP, make sure that Axon details and the properties for the SAML attributes are entered correctly.
  3. If you cannot access the SSO settings in Axon, disable SSO from the Linux environment.
    a. Run the following command to define the Axon environment variable so that the Linux system can access the Axon resources at the correct location:
       source <INSTALLATION_DIR>/scripts/exportEnv.sh
    b. Go to the <INSTALLATION_DIR>/axonhome/axon directory, and run the following command to disable SSO:
       <INSTALLATION_DIR>/axonhome/third-party-app/php/bin/php bin/console informatica:sso-disable
  4. In Axon, make sure that the values of the SAML metadata are entered correctly.

Verify the SSO Settings in the SAML Response File

After Axon users enter their SSO credentials, the IDP sends a SAML response to Axon. Open the response file and verify that the following properties display the correct values for the Axon users:
| Property | Value |
|---|---|
| orgunit | Organization unit of the Axon user |
| statusID | Status of the Axon user in the IDP database. The value must be 1. |
| firstName | First name of the Axon user |
| lastName | Last name of the Axon user |
| orgunitDescription | Organization unit description for the Axon user |
| orgunitTitle | Title of the Axon user in the organization unit |
| email | Email address of the Axon user |
| profile | Profile of the user in Axon. The value must be 4, 5 or 6. |
For example, the values for the Axon user John Wilson might look like this:
SAML response values
Verify that the X.509 certificate values are correctly retrieved from the IDP. For example, the X.509 certificate value might look like this:
Sample X.509 certificate value
If you have configured the properties in the IDP correctly, the values in the SAML response file must match the values you enter in the IDP.
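The property check described above can be scripted. The following is an added example, not part of the Axon product or its documentation; it assumes the response file is already base64-decoded XML and that each SAML Attribute Name equals the property name in the table. The sample values other than the name John Wilson are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Properties from the table above; None means any non-empty value is accepted.
EXPECTED = {"orgunit": None, "statusID": {"1"}, "firstName": None,
            "lastName": None, "orgunitDescription": None, "orgunitTitle": None,
            "email": None, "profile": {"4", "5", "6"}}

def check_saml_attributes(xml_text):
    """Return a list of problems found in a decoded SAML response.

    This only compares attribute values; it does not verify the signature.
    Run it on responses you captured yourself: the standard-library XML
    parser is not hardened against maliciously constructed documents.
    """
    root = ET.fromstring(xml_text)
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        found[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    problems = []
    for name, allowed in EXPECTED.items():
        if not found.get(name):
            problems.append(f"{name}: missing or empty")
        elif allowed and found[name] not in allowed:
            problems.append(f"{name}: got {found[name]!r}, expected one of {sorted(allowed)}")
    return problems

def build_sample(values):
    """Build a constructed sample response (not captured from a real IDP)."""
    attrs = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        "</saml:Attribute>" for k, v in values.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
            f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement>"
            "</saml:Assertion></samlp:Response>")

# Constructed sample values for the user named in the example above.
SAMPLE = {"orgunit": "Finance", "statusID": "1", "firstName": "John",
          "lastName": "Wilson", "orgunitDescription": "Finance department",
          "orgunitTitle": "Analyst", "email": "john.wilson@example.com",
          "profile": "5"}

if __name__ == "__main__":
    broken = dict(SAMPLE, statusID="0", profile="2")
    for label, values in (("valid", SAMPLE), ("broken", broken)):
        print(label, check_saml_attributes(build_sample(values)) or "OK")
```

An empty result means every listed property is present and the statusID and profile values are within the allowed set.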