Hi All.
What could be the reason for the error as below in communication
https://dma-test-xxxxxx.local/Login to SAML --> identity providers ??
Does DataMiner not work on IIS? – Does it have its own web server (built into Core) and does it support /Login and SAML?
If you're trying to use IIS as a frontend, /Login and /saml/acs won't work because IIS doesn't know the DataMiner application.
Is this true?
Big thanks for answer.
Br.
Jarek
HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Most likely causes:
- The directory or file specified does not exist on the Web server.
- The URL contains a typographical error.
- A custom filter or module, such as URLScan, restricts access to the file.
Things you can try:
- Create the content on the Web server.
- Review the browser URL.
- Create a tracing rule to track failed requests for this HTTP status code and see which module is calling SetStatus. For more information about creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module
IIS Web Core
Notification
MapRequestHandler
Handler
StaticFile
Error Code
0x80070002
Requested URL
https://dma-xxxxxxxlocal:443/Login
Physical Path
c:\Skyline DataMiner\WebPages\Login
Logon Method
Anonymous
Logon User
Anonymous
More Information:
This error means that the file or directory does not exist on the server. Create the file or directory and try the request again
Hi Jarek,
I know ADFS might not be fully documented step-by-step, but did you try to follow some of the other documentation on SAML? Configuring SAML settings | DataMiner Docs
We don't have a /login webpage, so not sure where this is coming from. Assuming you are running 10.3.5 or later, the reply URL should be /API.
And DataMiner does use IIS, but not sure if that is relevant here...
In short this is how SAML works in a simplified way:
- You navigate to a web interface of your DMS or you open Cube to your DMS.
- The web interface will redirect you to your chosen identity provider, and this identity provider will show you their login page. Cube does the same, but in a popup window.
- After successfully authenticating against your identity provider, it gives an OK back to DataMiner and you are logged in and you can access the web interface or Cube.
Let us know if you have any questions. And don't hesitate to reach out if you need any help with setting this up. This is definitely not the easiest thing to do, especially when it's the first time.
Bert.
Hi Jarek,
You added /saml/login to the URL, that indeed does not exist. The URL should be: https://dma-test-03.xxxx.local/api
Bert
Hi Ber.
Now .
in the browser it gives https://dma-test-03.xxxl.local/api/ but I see that it goes to https://dma-test-03.xxxx.local/root and then to https://dma-test-03.xxx.local/auth/login?app=home&url= it does not log in to ADFS, it skips it and only to DataMiner
DataMiner ignores SAML and switches to local login (/auth/login)
➡ This means that the API in IIS does not work at all for the call:
https://dma-test-03.xxxx.local/api/
It's handled through the GUI, not the WebAPI.
This means that routing to the DataMiner Web API doesn't work in IIS.
This is 100% an IIS issue, not SAML ????
Big thanks for help.
Br.
Jarek
Hi Bert.
Could this be a problem in C:Skyline DataMinerWebPagesapiweb.config?
It doesn't contain ONE WebAPI entry.
This is the old web.config—the one DataMiner installed 5-8 years ago, before WebAPI was rebuilt.
Could this be a problem?
Br.
Jarek
Hi Bert.
I see, that
SAML is not installed in your DataMiner 10.5.x.
➡ Therefore, DMA completely ignores SAML and always logs locally.
➡ Therefore, there are no SAML entries in the logs.
➡ Therefore, the C:Skyline DataMinerSAML directory is not created
. ➡ Therefore, the /api/saml/login entry does not exist and DMA switches to /auth/login
.I don't have these two directories: ✔ C:Skyline DataMinerSAML (SAMLConfig.xml file) ✔ C:Skyline DataMinerWebPagesapiauthsaml
Is this the problem with my https connection to ADFS ?
Br.
Jarek
Hi Bert.
Yes, you were right.
I changed the browser query, but the problem is the same.
https://dma-test-03.xxxx.local/api/saml/login
error :
HTTP Error 404.0 – Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.
Most likely causes:
The directory or file specified does not exist on the Web server.
The URL contains a typographical error.
A custom filter or module, such as URLScan, restricts access to the file.
Things you can try:
Create the content on the Web server.
Review the browser URL.
Create a tracing rule to track failed requests for this HTTP status code and see which module is calling SetStatus. For more information about creating a tracing rule for failed requests, click here.
Detailed Error Information:
Module IIS Web Core
Notification MapRequestHandler
Handler StaticFile
Error Code 0x80070002
Requested URL https://dma-test-03.xxxxx.local:443/api/saml/login
Physical Path C:Skyline DataMinerWebPagesapisamllogin
Logon Method Anonymous
Logon User Anonymous
More Information:
If /api/saml/login immediately returns a 404, it means the browser never reaches the DataMiner WebAPI module, meaning the AuthnRequest isn't generated → ADFS doesn't see the login attempt.
Common causes:
Virtual Directory /api is not an Application in IIS
Lack of appropriate Handler Mappings in IIS for DataMiner WebAPI
<SPEntityId> missing in DataMiner.xml → SP isn't generating the correct AuthnRequest
The SAML log folder is not created in: C:Skyline DataMinerLoggingSAML
I'm a bit stuck. I think the settings in dataminer.xml are correct.
This 404 error is fundamental, and I can't resolve it.
Where can I find a solution?
Br.
Jarek