Okta SSO Integration Issues

Hey all,

I got something odd and am curious if you guys have seen it before I open a ticket. I recently enabled SAML using Okta on BigFix. I got everything set up according to the documents available and after a restart of the services WebUI and the Console both work as expected, but WebReports does not. Upon login I get the “Invalid username or password” error and that my session has expired, which is not the case.

I enabled logging to see if there was anything there and it was not fruitful; neither was SAML-trace. Any ideas of what might be going on? Currently it is set up for LDAP, but that is all.

-J

Root Server and WebReports logs in debug can help identify the problem.
Okta must return the NameID field in the SAML Response in the format username@domain, as it will be used to search for the username in the LDAP configured on the Root Server.
Another problem might come from improper IP address forwarding/masquerading; to exclude the latter, you can try to log in using localhost on the same WRs server.

Debug logging did nothing, and the other things you mentioned we’ve looked at already unfortunately. :frowning:

Open a support ticket and we’ll look into it.
Please collect debug logs from Root Server and WRs, server_audit.log and the Browser Network traces:

  1. Open the Chrome DevTools

    Select F12
    Select Ctrl+Shift+I (Windows/Linux) or Command+Option+I (macOS)
    Select Customize and control Google Chrome and then More Tools > Developer Tools

  2. Select the Network Tab

  3. Check “Preserve log” and “Disable cache” from the toolbar

  4. Start the whole login process

  5. Select the Export HAR… in the toolbar to export the trace as a “HAR” file
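
An added example, not part of the thread and not BigFix or Okta code: it reads a HAR file exported as described above, pulls out each posted SAMLResponse, and reports whether the NameID has the username@domain shape mentioned earlier in the thread. The sample HAR, the example.com URL and the user names are constructed for illustration.

```python
import base64, json, re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
USER_AT_DOMAIN = re.compile(r"^[^@\s]+@[^@\s]+$")

def saml_responses(har):
    """Yield (url, xml_bytes) for every request in the HAR that posts a SAMLResponse."""
    for entry in har["log"]["entries"]:
        req = entry["request"]
        post = req.get("postData") or {}
        fields = {p["name"]: unquote(p.get("value", "")) for p in post.get("params") or []}
        if "SAMLResponse" not in fields and post.get("text"):
            # Some exports only carry the raw form body, so parse that instead.
            fields = {k: v[0] for k, v in parse_qs(post["text"]).items()}
        if "SAMLResponse" in fields:
            yield req["url"], base64.b64decode(fields["SAMLResponse"])

def check_name_ids(har):
    """Return (url, NameID, Format, ok) per response; ok means username@domain shape."""
    rows = []
    for url, xml in saml_responses(har):
        # Diagnostic read of your own trace only: no signature validation is done here.
        node = ET.fromstring(xml).find(".//saml:Subject/saml:NameID", NS)
        if node is None:  # e.g. the assertion is encrypted, so NameID is not visible
            rows.append((url, None, None, False))
            continue
        value = (node.text or "").strip()
        rows.append((url, value, node.get("Format"), bool(USER_AT_DOMAIN.match(value))))
    return rows

def sample_entry(name_id):
    # Constructed SAML response and ACS URL, for illustration only.
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:Subject>'
           '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
           f'{name_id}</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>')
    b64 = base64.b64encode(xml.encode()).decode()
    return {"request": {"method": "POST", "url": "https://webreports.example.com/saml",
                        "postData": {"params": [{"name": "SAMLResponse", "value": b64}]}}}

SAMPLE_HAR = {"log": {"entries": [sample_entry("jdoe"), sample_entry("jdoe@example.com")]}}

if __name__ == "__main__":
    import sys
    har = json.load(open(sys.argv[1], encoding="utf-8")) if len(sys.argv) > 1 else SAMPLE_HAR
    for row in check_name_ids(har):
        print(row)
```

A HAR captured during login contains the SAML assertion and session cookies, so store and share it as you would a credential.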