Overview
Some users are unable to access Jive and are getting an SSO error, even though the users' profile is up-to-date in their Active Directory.
When trying to access Jive, the user gets the following error:
There was an error during SAML authentication com.jivesoftware.community.aaa.sso.SSOAuthenticationException: SSO user update attempted when the underlying implementation does not support it.
This article provides the steps to resolve the issue described above.
Diagnosis
The error is usually caused by a mismatch of information between the SSO side and Jive, which results in the connection being refused.
To verify this information an investigation can be made by looking into the logs, the information stored in the database, and the error that the user is getting.
Refer to the investigation results for a sample case below:
Results from a DB query on the jiveuser table (SELECT * from jiveuser where email like 'john.smith%')
Column Name | Data |
firstname |
John |
creationdate |
XXXXXXXXXX |
lastprofileupdate |
XXXXXXXXXX |
modificationdate |
XXXXXXXXXX |
initiallogindate |
XXXXXXXXXX |
userid |
4780 |
lastname |
Smith |
federated |
1 |
lastloggedin |
XXXXXXXXXX |
email |
john.smith@community.com |
username |
john.smith@community.com |
From Jive application logs:
Last user activity recorded:
username:john.doe@community.com userid:4780 timestamp: 2019-03-07 06:31:42.932
The userid in both sources is the same: 4780 but there is a difference in the username.
From the error returned by the SSO:
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">john.smith@community.com</NameID>
As can be seen, there are inconsistencies in the values of the username: john.smith vs. john.doe.
Solution
Make sure that the user information is the same in both SSO and Jive. To achieve this, align with the user's internal AD team to update the necessary fields for the user profile so information in both systems match.
Comments
0 comments
Article is closed for comments.