When troubleshooting single sign-on (SSO) login errors, also check the log file named swaggerhub.json for additional diagnostic information.
A new user is created even though the user already exists
This happens if the user’s email address in the identity provider (IdP) does not match the email address stored in SwaggerHub. In this case, SwaggerHub cannot associate the SSO login with the existing user and creates a new user instead. Please contact SmartBear Support to resolve the issue.
Okta and SAML
Incomplete response received from application
This error can occur in the following cases:
A new SSO user logs in using an email address containing + or other unsupported characters. Please refer to Username and email considerations for the supported characters in email addresses.
(In versions prior to 1.20.1) The SSO login email matches an existing internal user (for example, admin) but this user has not been migrated to SSO. To learn how to migrate the users, see Migrating Existing Users to Single Sign-On.
Email attribute missing from SAML profile
The SAML response from your IdP does not contain the
Here is an example of the
...
<saml2:Assertion ...>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">USER@EXAMPLE.COM</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
  ...
</saml2:Assertion>
...
Note: In SwaggerHub On-Premise v. 1.19.1 and later, the system expects the
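A diagnostic sketch for the email-related SAML errors above (an added example, not SmartBear code): it decodes a captured SAMLResponse form value and checks for the email attribute shown in the sample assertion and for the + character. The function names and sample responses are constructed for illustration, and the attribute name "email" is taken from the sample above; the script does not verify signatures and is for troubleshooting only.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_email_attribute(saml_response_b64, attr_name="email"):
    """Return a list of problems found with the email attribute (empty list = OK)."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one instead of parsing entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ["response contains a DTD; not parsed"]
    root = ET.fromstring(xml_bytes)
    values = [
        (value.text or "").strip()
        for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS)
        if attr.get("Name") == attr_name
        for value in attr.iterfind("saml2:AttributeValue", NS)
    ]
    if not values:
        return [f"no '{attr_name}' attribute value in the assertion"]
    problems = []
    for value in values:
        if "@" not in value:
            problems.append(f"'{value}' is not an email address")
        elif "+" in value:  # the one unsupported character this page names
            problems.append(f"'{value}' contains '+'")
    return problems

def sample_response(attributes_xml):
    """Constructed, unsigned SAMLResponse, base64-encoded like the POST form value."""
    xml = (
        '<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><saml2:Assertion>'
        f"<saml2:AttributeStatement>{attributes_xml}</saml2:AttributeStatement>"
        "</saml2:Assertion></saml2p:Response>"
    )
    return base64.b64encode(xml.encode()).decode()

def email_attr(value):
    """Constructed email attribute in the shape of the sample assertion."""
    return (f'<saml2:Attribute Name="email"><saml2:AttributeValue>{value}'
            "</saml2:AttributeValue></saml2:Attribute>")

if __name__ == "__main__":
    for address in ("user@example.com", "user+test@example.com"):
        print(address, "->", check_email_attribute(sample_response(email_attr(address))))
```

An encrypted assertion carries no readable attributes, so it is reported here as a missing attribute.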
Unable to extract username from email attribute
Cannot POST /login/callback
This error can occur in SwaggerHub On-Premise versions prior to 1.18.8 in the following cases:
The SAML response from the identity provider (IdP) is missing the
We recommend that you upgrade your SwaggerHub On-Premise instance to the latest version, which does not have this issue.
LDAP and Active Directory
Incorrect LDAP authentication settings can result in the following error messages at user login.
Invalid user name or password
This usually means that the Profile name option (or LDAP Username Field in earlier versions) is misspelled or specifies a non-existent field.
Self-signed certificate in certificate chain
This means your LDAPS server is using a self-signed certificate or a certificate signed by a private CA. You need to upload your trusted root certificate to SwaggerHub so that it trusts this certificate. See the instructions here.
After you have configured the trusted certificates, click Test LDAP to verify the connection.
This error can happen in versions prior to 1.20.1, and it means that a user with this email already exists but was not migrated to single sign-on. Please run the maintenance script to migrate the users, and then ask the user to try again.
Alternatively, upgrade your SwaggerHub On-Premise instance to the latest version, which does not have this issue.