When a user logs in using SAML, they face a 403 access denied error. We checked the user's ID and they have the required access levels. When we checked the tomcat-stdout logs, we saw the following issue: 'Cannot request SAML Assertion for SBAF Authorize Click since user is not valid for SBAF'. Any leads on this?
Is this user logging in for the first time, or did it work before and suddenly break?

Still, you can check a few basic things:

- Check that the user is active and is part of the SAML Users/authentication group.
- Verify the IdP is sending the exact Appian username, with correct case.
- If group sync is enabled, confirm the user is in the auth group prior to SAML login, as sync happens post-auth.

FYI - https://community.appian.com/support/w/kb/370/kb-1153-saml-authentication-faq
Run a SAML trace and capture exactly what the IdP is sending. The KB article KB-1450 specifically covers how to gather a SAML trace to identify the Appian username shown in the SAML assertion — this will tell you definitively what value SBAF is trying to validate against.
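
The check both replies point to (compare the username inside the captured assertion with the Appian username, including case), as an added example that is not part of the original thread and not Appian code. It assumes an unencrypted assertion taken from the HTTP-POST `SAMLResponse` parameter of a SAML trace; the function names, the sample response and the usernames are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: what a base64 SAMLResponse from a trace decodes to.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>Jane.Doe@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="uid"><saml:AttributeValue>jane.doe </saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def candidate_usernames(saml_response_b64):
    """Return {source: value} for the NameID and every attribute value sent by the IdP."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = {}
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is not None and name_id.text is not None:
        found["NameID"] = name_id.text
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        for i, val in enumerate(attr.iterfind("saml:AttributeValue", NS)):
            found[f"Attribute:{attr.get('Name')}[{i}]"] = val.text or ""
    return found

def classify(sent, expected):
    """Say how the value the IdP sent differs from the expected username."""
    if sent == expected:
        return "exact match"
    if sent.strip() == expected:
        return "whitespace differs"
    if sent.strip().casefold() == expected.casefold():
        return "case differs"
    return "different value"

def check_trace(saml_response_b64, expected_username):
    """Classify every candidate value against the username as stored in Appian."""
    values = candidate_usernames(saml_response_b64)
    return {src: classify(v, expected_username) for src, v in values.items()}

if __name__ == "__main__":
    for source, verdict in check_trace(SAMPLE_B64, "jane.doe@example.com").items():
        print(f"{source}: {verdict}")
```

An empty result means the response carried no readable NameID or attributes, for example because the IdP sent an encrypted assertion.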