Skip to content
DataMiner DoJo

More results...

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Search in posts
Search in pages
Search in posts
Search in pages
Log in
Menu
  • Blog
  • Questions
  • Learning
    • E-learning Courses
    • Open Classroom Training
    • Certification
      • DataMiner Fundamentals
      • DataMiner Configurator
      • DataMiner Automation
      • Scripts & Connectors Developer: HTTP Basics
      • Scripts & Connectors Developer: SNMP Basics
      • Visual Overview – Level 1
      • Verify a certificate
    • Tutorials
    • Video Library
    • Books We Like
    • >> Go to DataMiner Docs
  • Expert Center
    • Solutions & Use Cases
      • Solutions
      • Use Case Library
    • Markets & Industries
      • Media production
      • Government & defense
      • Content distribution
      • Service providers
      • Partners
      • OSS/BSS
    • DataMiner Insights
      • Security
      • Integration Studio
      • System Architecture
      • DataMiner Releases & Updates
      • DataMiner Apps
    • Agile
      • Agile Webspace
      • Everything Agile
        • The Agile Manifesto
        • Best Practices
        • Retro Recipes
      • Methodologies
        • The Scrum Framework
        • Kanban
        • Extreme Programming
      • Roles
        • The Product Owner
        • The Agile Coach
        • The Quality & UX Coach (QX)
    • DataMiner DevOps Professional Program
  • Downloads
  • More
    • Feature Suggestions
    • Climb the leaderboard!
    • Swag Shop
    • Contact
      • General Inquiries
      • DataMiner DevOps Support
      • Commercial Requests
    • Global Feedback Survey
  • PARTNERS
    • All Partners
    • Technology Partners
    • Strategic Partner Program
    • Deal Registration
  • >> Go to dataminer.services

SAML authentication using Okta – HTTP verb not allowed

Solved801 views18th July 2024external authentication OKTA SAML
1
Koen Bouckhout [SLC] [DevOps Advocate]1.29K 12th March 2024 0 Comments

Hi Dojo,

When trying to setup external authentication using Okta on a production DMS, we ran into the following issue.  When trying to login to the dataminer web UI, the following error is thrown.

Any idea where this is coming from or how to overcome?
Note that for the configuration, the steps as documented in the documentation section on Okta have been carefully followed.

Initially an issue occurred with Cube as well ("request invalid") but after removing AutomaticUserCreation from the dataminer.xml file, connecting with Cube using external Okta authentication was successful.  But still the issue with the not allowed http verb remains when trying to login to the web pages.

It was double checked that the Single Sign On and Recipient, Destination and Audience Restriction URLs were correctly configured on Okta and the EntityID in the okta-sp-metadata.xml matches the one from okta-ip-metadata.xml.  And since Cube connection seems to work, it looks like the basic configuration is correct.

Any feedback is welcome to further troubleshoot this!

Thanks a lot.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 18th July 2024

1 Answer

  • Active
  • Voted
  • Newest
  • Oldest
0
Michiel Masschelein [SLC] [DevOps Member]280 Posted 14th March 2024 2 Comments

Hi Koen,

I would start with checking again that the Assertion Consumer URLs in SPMetadata.xml and those configured on Okta match. A while ago a change was made that bundles the reply URLs so only /API/ needs to be present.

Secondly, Okta is only supported with the Automatic User creation. Are you sure you left the password box empty when logging in to cube? Only in this case is the SAML flow triggered.

A good way to trouble shoot SAML issues is to use Client Test Tool, when connecting you can check the box "Debug SAML", select "explicit credentials" and leave the password box empty again (username can be anything as long as it's not empty or "Administrator".

This should show a SAML Request and Response in separate windows. In the response you can check that the URL it is replying to is the correct one. (Look for a "Subject" tag, in "SubjectConfirmationData" you should see a "Recipient" attribute that has a URL to which the response is replying to

A list of common issues and fixes is listed here: https://docs.dataminer.services/user-guide/Advanced_Functionality/Security/Advanced_security_configuration/Configuring_SAML/Troubleshooting_SAML_Issues.html

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 18th July 2024
Koen Bouckhout [SLC] [DevOps Advocate] commented 14th March 2024

hi Michiel,

Thanks for the suggestions. We’ll look into it.
I do want to comment on your note about okta only being supported with Automatic User Creation. On the docs page about “SAML Using Okta” there is a Note that mentions an alternative.
Extract from the docs page:

“you can add local users or domain users in DataMiner, and then you can have Okta authenticate these users by following the guide below, except that you omit the AutomaticUserCreation tag in DataMiner.xml”

I believe that is what was done. Is this a supported configuration?

Michiel Masschelein [SLC] [DevOps Member] commented 12th June 2024

Hi Koen, yes this is possible, with my answer I meant that there is no option to import users from Okta

Authenticating local users through SAML is still possible

You are viewing 1 out of 1 answers, click here to view all answers.
Please login to be able to comment or post an answer.

My DevOps rank

DevOps Members get more insights on their profile page.

My user earnings

0 Dojo credits

Spend your credits in our swag shop.

0 Reputation points

Boost your reputation, climb the leaderboard.

Promo banner DataMiner DevOps Professiona Program
DataMiner Integration Studio (DIS)
Empower Katas

Recent questions

Web Applications exception in Cube due to invalid certificate 0 Answers | 0 Votes
Redundancy Groups and Alarming – Duplicate Alarms 0 Answers | 0 Votes
Correlation Engine: “Test rule” doesn’t result in a hit, despite functional rule 1 Answer | 3 Votes

Question Tags

adl2099 (115) alarm (62) Alarm Console (82) alarms (100) alarm template (83) Automation (223) automation scipt (111) Automation script (167) backup (71) Cassandra (180) Connector (109) Correlation (69) Correlation rule (52) Cube (151) Dashboard (194) Dashboards (188) database (83) DataMiner Cube (57) DIS (81) DMS (71) DOM (140) driver (65) DVE (56) Elastic (83) Elasticsearch (115) elements (80) Failover (104) GQI (159) HTTP (76) IDP (74) LCA (152) low code app (166) low code apps (93) lowcodeapps (75) MySQL (53) protocol (203) QAction (83) security (88) SNMP (86) SRM (337) table (54) trending (87) upgrade (62) Visio (539) Visual Overview (345)
Privacy Policy • Terms & Conditions • Contact

© 2025 Skyline Communications. All rights reserved.

DOJO Q&A widget

Can't find what you need?

? Explore the Q&A DataMiner Docs

[ Placeholder content for popup link ] WordPress Download Manager - Best Download Management Plugin