
SSO with Entra is not working

savor92
New Contributor II

We currently have Okta implemented for SSO and are migrating to Entra. I created a new IdP provider for Entra and filled in all the required SP information from Saviynt into our Entra configurations. After the configuration, I also performed a manual application restart.

When performing an IdP-initiated SSO request from Entra to Saviynt, I am presented with the error below:

OOPS !

Unable to Login to Saviynt.
"Please click here" to go to logout page and try again.

Checking the Saviynt logs:

2024-08-06T15:26:53.329398853Z stdout F Caused by: org.opensaml.saml2.metadata.provider.MetadataProviderException: No local entity found for alias SaviyntEntra, verify your configuration.
2024-08-06T15:26:53.329584506Z stdout F 2024-08-06 15:26:53,329 [http-nio-8080-exec-60] DEBUG auth.LoginController  - thresholdcount...0
2024-08-06T15:26:53.329824274Z stdout F 2024-08-06 15:26:53,329 [http-nio-8080-exec-60] DEBUG auth.LoginController  - loginfailed :  Sorry, we were not able to find a user with that username and password.
2024-08-06T15:26:53.440945307Z stdout F 2024-08-06 15:26:53,440 [http-nio-8080-exec-59] DEBUG auth.LoginController  -  ****** loginfailed: 

What concerns me is "No local entity found for alias SaviyntEntra, verify your configuration." However, checking the currently configured IdP providers, you can see SaviyntEntra registered as an SP entity ID.


Any assistance with this will be appreciated.


rushikeshvartak
All-Star

The error you're encountering, "No local entity found for alias SaviyntEntra, verify your configuration", indicates that the Service Provider (SP) entity ID, SaviyntEntra, specified in your Entra (formerly Azure AD) configuration might not be correctly registered or matched in the Saviynt configuration.

Here are some steps you can follow to troubleshoot and resolve this issue:

  1. Verify SP Entity ID in Saviynt Configuration:

    • Ensure that the SaviyntEntra entity ID is correctly configured in Saviynt as a Service Provider. This includes verifying that the entity ID and alias match exactly between your Saviynt SAML configuration and your Entra configuration.
    • Go to the Saviynt admin console and check the SP metadata under the SSO configuration to confirm that the entity ID is correctly set up.
  2. Check SAML Metadata Configuration:

    • Download the SAML metadata from Saviynt and verify the entity ID, endpoints, and certificates. Ensure these match what you've configured in Entra.
    • Ensure that the SP metadata is correctly imported or referenced in Entra, as any discrepancies could lead to this error.
  3. Validate the Alias Configuration:

    • The error specifically mentions an alias issue (No local entity found for alias SaviyntEntra). Double-check the alias configuration in Saviynt to ensure it's correctly linked to the entity ID SaviyntEntra.
    • If Saviynt allows specifying an alias in the SAML settings, confirm that it is set up correctly and corresponds with the Entra configuration.
  4. Check for Case Sensitivity:

    • SAML configurations can sometimes be case-sensitive. Verify that the entity ID SaviyntEntra is consistently named (case-sensitive) across both the Saviynt and Entra configurations.
  5. Review SAML Logs in Saviynt:

    • The detailed SAML logs in Saviynt may provide more specific information about why the alias could not be found. Look for additional clues that might indicate a mismatch or misconfiguration.
  6. Restart Application Services:

    • Since you already performed a manual application restart, ensure that all relevant services, especially the SSO-related services, were correctly restarted and that no errors occurred during the restart process.
  7. Re-test SSO:

    • After making any necessary corrections, perform another IdP-initiated SSO request from Entra to Saviynt to see if the issue is resolved.

If all the above steps are correctly configured and the issue persists, you might need to contact Saviynt support for more in-depth troubleshooting, as there could be a deeper issue with how the SP alias is being recognized or registered.


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.
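
An offline way to run the comparisons from steps 1 to 4 of the reply above, as an added example that is not part of the original thread or of Saviynt's tooling. It assumes the SP's assertion consumer URL carries the alias as a `/alias/<name>` path segment; the host name, URL path, sample metadata and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (hypothetical host and path), not taken from a real tenant.
SAMPLE_SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" entityID="SaviyntEntra">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" Binding="{POST}"
        Location="https://saviynt.example.com/saml/SSO/alias/SaviyntEntra"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def alias_of(url):
    """Return the alias segment of a .../alias/<name> URL, or None (assumed URL layout)."""
    m = re.search(r"/alias/([^/?#]+)", url)
    return m.group(1) if m else None


def compare(sp_metadata_xml, idp_identifier, idp_reply_url):
    """Compare SP metadata with the values entered on the IdP side; return findings."""
    root = ET.fromstring(sp_metadata_xml)
    entity_id = root.get("entityID")
    # Only HTTP-POST endpoints matter for an IdP-initiated response.
    acs = [e.get("Location") for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    findings = []
    if idp_identifier != entity_id:  # exact, case-sensitive comparison
        kind = "case-only" if idp_identifier.lower() == entity_id.lower() else "value"
        findings.append(f"entityID {kind} mismatch: SP={entity_id!r} IdP={idp_identifier!r}")
    if idp_reply_url not in acs:
        findings.append(f"reply URL {idp_reply_url!r} is not an ACS endpoint in SP metadata")
    sp_aliases = {alias_of(u) for u in acs} - {None}
    idp_alias = alias_of(idp_reply_url)
    if idp_alias is None:
        findings.append("reply URL carries no /alias/<name> segment")
    elif idp_alias not in sp_aliases:
        findings.append(f"alias {idp_alias!r} in reply URL not among SP aliases {sorted(sp_aliases)}")
    return findings
```

Pass the metadata XML downloaded from the SP together with the Identifier (Entity ID) and Reply URL entered in the Entra enterprise application; an empty list means the three values agree.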