Josh Bridgens Posted February 24, 2021
Around 3 months ago, I switched us from an LDAP import to an Azure import to incorporate 2 large areas of our company, did testing on quite a few accounts that all seemed to work fine, now I find that there are a number of accounts with the correct email address etc. in Hornbill, however they receive the following when attempting to sign in with SSO. Our SSO profile is linked to our Azure AD so I can't see that being the problem, any ideas? Josh
Victor Posted February 24, 2021
@Josh Bridgens for the affected users, the value for "Name ID" attribute in the SAML response is not matching any value for "Logon ID" for any users in Hornbill. I would say to check what is being used for "Name ID" for these users in AD then check the "Logon ID" for these users in HB.
Josh Bridgens Posted February 24, 2021
Victor, seems you are correct, these appear to be users with a different SAMAccountname... but I can't update it to match? It says the specified user already exists (I can't find them though)
Victor Posted February 24, 2021
Just now, Josh Bridgens said: "seems you are correct"
Ehm... seems? You should be able to update the logon ID... unless that's not the issue and I am misunderstanding?
Josh Bridgens Posted February 24, 2021
"seems" was a figure of speech, you are definitely 100% correct. haha Trying to change a user to "SReynolds" but get the error message... in images... However, there are no accounts with that anywhere in it..
Victor Posted February 24, 2021
@Josh Bridgens aham, ok, I understand... give me a minute then
Victor Posted February 24, 2021
@Josh Bridgens try this report. When you run it, it should prompt you to input a user logon ID. Then it will display all users that have this logon ID (should only be one in the list) and this will tell you what user already has that logon ID that you are trying to set for Sam...
users-for-josh.report.txt
Victor Posted February 24, 2021
@Josh Bridgens ummm... unless something is broken, that should not happen... any users with that user ID in there (thinking maybe HB is confusing login ID with user ID)
Victor Posted February 24, 2021
@Josh Bridgens ok, so I did some checks and it seems changing the login ID also checks for matches against user ID... I can somehow see why it would do that but I am not convinced it is right... I'll ask development.
Josh Bridgens Posted February 25, 2021
Thanks Victor, any help is appreciated!
Victor Posted February 25, 2021
@Josh Bridgens ok so, I was advised changing the login ID will indeed check for the value against the user ID and login ID for existing users. This is required as there are some API calls where user ID is still used, which is internally mapped to login ID. Can you try this report to see what user has that value for login ID or user ID?
users-for-josh.report_2.txt
Josh Bridgens Posted February 25, 2021
Victor, ran the report from the test user "Sam Reynolds" with Sreynolds in the fields... I'm even more confused now.
Victor Posted February 25, 2021
@Josh Bridgens ok, so there is a user with ID "sreynolds" that's why we can't change the login ID for the user with ID "Sam.Reynolds"... can you locate the user with ID "sreynolds" in the user list?
Josh Bridgens Posted February 25, 2021
I've tried to find it over the past few days and searched for anyone with Reynolds, Sam, anything in their setup and can't locate it. Happy for you to have a dig around if you want?
Victor Posted February 25, 2021
@Josh Bridgens looks like I have to... might have been a bad import that created incomplete user records that exist in the system (almost certain based on the report result above). These "broken" user records are not visible in the UI. I'll send you a PM.
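
The two checks discussed in this thread (does the SAML "Name ID" match any "Logon ID", and which existing record blocks a logon ID change), as an added example that is not part of the original posts and is not Hornbill code. The field names `user_id` and `login_id`, the case-insensitive comparison, and all sample data are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed, unsigned SAML response captured for diagnosis only.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:Subject>
    <saml:NameID>SReynolds</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""

# Constructed user export; field names are hypothetical, not Hornbill's schema.
USERS = [
    {"user_id": "Sam.Reynolds", "login_id": "Sam.Reynolds"},
    {"user_id": "sreynolds", "login_id": ""},  # incomplete record, e.g. from a bad import
    {"user_id": "jbloggs", "login_id": "jbloggs"},
]

def name_id(response_xml):
    """Return the Subject NameID the identity provider sent."""
    node = ET.fromstring(response_xml).find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no NameID in response")
    return node.text.strip()

def login_match(users, value):
    """Users whose login ID equals the value (case-insensitive: an assumption)."""
    key = value.casefold()
    return [u for u in users if u["login_id"].casefold() == key]

def blockers(users, target_user_id, new_login_id):
    """Other records whose user ID or login ID already holds the new value."""
    key = new_login_id.casefold()
    return [(u["user_id"], field) for u in users if u["user_id"] != target_user_id
            for field in ("user_id", "login_id") if u[field].casefold() == key]

def diagnose(response_xml, users, target_user_id):
    """Combine both checks for one affected user."""
    nid = name_id(response_xml)
    return {"name_id": nid,
            "sso_match": bool(login_match(users, nid)),
            "blockers": blockers(users, target_user_id, nid)}

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE, USERS, "Sam.Reynolds"))
```

Running the checks against a raw export rather than the admin UI matters here because, as noted above, incomplete records may not be visible in the user list.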