Invalid Division for Operator on accessing the SSO URL
Hi Team, I am trying to implement SSO using SAML in Pega 8.2.1. I have configured the URL in our identity. For the Operator identification, I tried both Name identifier in the subject and Attribute. But I am always getting the below error in the logs
Hi Paul, It's not even reading the attribute parameter for the operator from SAML. I have chosen name and attribute, but it was unable to read the operator from SAML. That's why, in the log, it's giving the below message when I don't select "Enable operator provisioning using model operator".
Unable to process the SAML WebSSO request : Unable to derive operator from SAML assertion
If I select "Enable operator provisioning using model operator", then it's throwing the message
For this issue you need to get the SAMLResponse being sent to PRPC. You have debug on so you probably have the Base64 encoded value for the SAMLResponse in our logs, don't post it here please. You just need to decode that and then look at where the operator id reference really is, NameID or an attribute. You wouldn't use an attribute unless you know the attribute being used.
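The decode-and-inspect step described in the reply above, as an added example that is not part of the original thread: it decodes an HTTP-POST binding SAMLResponse locally and reports the NameID and each attribute, so the value never has to be pasted anywhere. The sample response, the attribute names `uid` and `division`, and the function name are constructed for illustration; the script only inspects the XML and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not taken from the thread); names and values are made up.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="division"><saml:AttributeValue>Sales</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def inspect_saml_response(b64_value):
    """Decode an HTTP-POST binding SAMLResponse; report NameID and attributes."""
    # Log lines may wrap or URL-encode the value; normalise before decoding.
    raw = base64.b64decode("".join(unquote(b64_value).split()))
    # SAML messages never need a DTD; refuse rather than expand entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration found; refusing to parse")
    root = ET.fromstring(raw)
    info = {"encrypted": root.find(".//saml:EncryptedAssertion", NS) is not None,
            "name_id": None, "name_id_format": None, "attributes": {}}
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is not None:
        info["name_id"] = (name_id.text or "").strip()
        info["name_id_format"] = name_id.get("Format")
    for attr in root.iterfind(".//saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        info["attributes"][attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
    return info


if __name__ == "__main__":
    for key, value in inspect_saml_response(SAMPLE_B64).items():
        print(f"{key}: {value}")
```

If `encrypted` comes back true and `name_id` is empty, the assertion is encrypted and has to be decrypted before the operator reference can be located.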
Hi Chris, I traced the SAML response and all the attributes and NameID exist in the SAML response. It's getting the operator from SAML and a validation in Pega out-of-box code is throwing an error which says invalid division. I am just checking if anyone faced this issue and got a resolution.
I checked my org, div and unit rules and everything looks ok.
This issue has been resolved by using the NameID and model operator as reference "By Organization hierarchy". You don't need to provide any pre and post activities in latest versions. But in order to build the access groups from the roles returned from the IdP, we need a post activity.