SAML with LDAP lookup not working after upgrade from 11.0 to 11.1, users get error "Login Failed: Incorrect LDAP user name or password."
The handling of the SAML assertion changed with regard to attribute mapping: the LDAP bind must match the login format sent by the IdP.
If the existing LDAP authentication is set to use "samaccountname" for KBOX_USER and the login format coming from the IdP (Okta, Azure, G Suite, CyberArk, etc.) is the mail format "username@domain.com", the login will be rejected.
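The mismatch described above can be checked before users hit the login error. The following is an added example, not code from the vendor or the product: the filter syntax `(attribute=KBOX_USER)`, the sample filters, the sample login and all function names are assumptions constructed for illustration.

```python
import re

PLACEHOLDER = "KBOX_USER"  # placeholder named on this page

# Login shape each directory attribute holds (Active Directory conventions).
ATTR_FORMAT = {
    "samaccountname": "short",      # jdoe
    "userprincipalname": "mail",    # jdoe@example.com
    "mail": "mail",                 # jdoe@example.com
}

def filter_attribute(search_filter):
    """Return the attribute compared against KBOX_USER, lowercased, or None."""
    m = re.search(r"\(\s*([A-Za-z][\w;.-]*)\s*=\s*" + PLACEHOLDER + r"\s*\)", search_filter)
    return m.group(1).lower() if m else None

def login_format(login):
    """Classify the login value from the SAML assertion as 'mail' or 'short'."""
    return "mail" if re.fullmatch(r"[^@\s]+@[^@\s]+", login) else "short"

def escape_filter_value(value):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def check_mapping(search_filter, idp_login):
    """Return (ok, effective_filter, message) for one filter/login pair."""
    attr = filter_attribute(search_filter)
    if attr is None:
        return False, None, "filter has no KBOX_USER comparison"
    effective = search_filter.replace(PLACEHOLDER, escape_filter_value(idp_login))
    expected, got = ATTR_FORMAT.get(attr), login_format(idp_login)
    if expected is None:
        return False, effective, "attribute %r not in ATTR_FORMAT; verify by hand" % attr
    if expected != got:
        return False, effective, "%s holds %s names but the IdP sends %s format" % (attr, expected, got)
    return True, effective, "formats match"

if __name__ == "__main__":
    # Constructed samples, not taken from a real appliance or directory.
    for flt, login in [
        ("(&(objectClass=user)(samaccountname=KBOX_USER))", "jdoe@example.com"),
        ("(&(objectClass=user)(mail=KBOX_USER))", "jdoe@example.com"),
    ]:
        print(check_mapping(flt, login))
```

The effective filter in the result shows the exact lookup the directory would receive, which makes it clear why a mail-format login finds no entry when compared against `samaccountname`.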
Since the LDAP lookup configured in the SAML settings uses the existing LDAP binds to verify the attribute mapping, the following changes must be made for it to work:
For any questions or assistance required please contact Support.