Hi All,

I am trying to integrate apigee sso with azure Ad for LDAP. I am following below doc:

https://docs.apigee.com/private-cloud/v4.18.01/installation-and-configuration-saml-edge

I am successfully able to complete till step 3 which is installing sso. However , I am getting below error while enabling saml for ui :/opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f edge-ui-config.txt

Error after running this command is : Authentication failed for client ssoadmin.

Can someone please help me resolve this error?

Thanks

Sonal

Does your SSO_ADMIN_SECRET for your UI install match the secret configured in your SSO install?

There can be a lot of reasons for that error(from experience), not precisely auth problem:

1. network issues with your PG DB

2. invalid creds for ssoadmin

3. invalid DB in the config file

4. there was a bug in earlier versions of the SSO when you had a typo in one of the config params (I will try to remember which)

5. config file permissions, :set ff=unix etc

…basically every problem getting your creds and validating them in front of PG DB will result this error

Please provide config file you are using, after removing sensitive data and use latest version supported 4.18.01 is not supported

@cjking yeah it does, both use same credentials.

@Denis_KALITVI Thanks for your response. I am using apigee version 4.50.0 and my config files for edge -ui is as below:

IP1=xx.xx.xx.xx

Comma separated list of URLs for the Edge UI,

in the format: http_or_https://IP_or_hostname_of_UI:9000.

You can have multiple URLs when you have multiple installations

of the Edge UI or you have multiple data centers.

EDGEUI_PUBLIC_URIS=https://apigee-test-ui.co.uk

Publicly accessible URLs for Edge UI.

EDGEUI_SSO_REGISTERD_PUBLIC_URIS=$EDGEUI_PUBLIC_URIS

Required variables

Default is “n” to disable SAML support.

EDGEUI_SSO_ENABLED=y

Information about apigee-sso.

Externally accessible IP or DNS of apigee-sso.

SSO_PUBLIC_URL_HOSTNAME=apigee-test-sso.co.uk
SSO_PUBLIC_URL_PORT=443

Default is http. Set to https if you enabled TLS on apigee-sso.

SSO_PUBLIC_URL_SCHEME=https

SSO admin credentials as set when you installed apigee-sso.

SSO_ADMIN_NAME=ssoadmin
SSO_ADMIN_SECRET=Secret123

The name of the OAuth client used to connect to apigee-sso.

The default client name is edgeui.

EDGEUI_SSO_CLIENT_NAME=edgeui

Oauth client password using uppercase, lowercase, number, and special chars.

EDGEUI_SSO_CLIENT_SECRET=ssoClient123

If set, the existing EDGEUI client is deleted and new one is created.

The default value is “n”.

Set to “y” when you configure SAML and change the value of

any of the EDGEUI_* properties.

EDGEUI_SSO_CLIENT_OVERWRITE=y

edge-sso-config also has same credentials:

SSO admin user name. The default is ssoadmin.

SSO_ADMIN_NAME=ssoadmin

SSO admin password using uppercase, lowercase, number, and special chars.

SSO_ADMIN_SECRET=Secret123

I. have validated again it’s not invalid DB or invalid credentials.

Could you please elaborate more on network issues with PG DB (during installation of edge-sso, it creates table with name apigee_sso in PG so it should be able to fetch the token also during edge-ui)

Please advice as I am currently stuck at this step which is the last step of enabling saml on UI.

Thanks

Sonal

you are using HTTPS for MS. does your server trust this certificate? because of HTTPS (and not trusting this cert) - it might give the error you observing