Problem:
When attempting to log in to Legacy Control Hub with SAML enabled, users encounter an HTTP 401 error after trying to authenticate with the Identity Provider. The Login Audit trail provides the following information:
HTTP Status Code: 401 Error Type: WEB_SSO_204 Response Status: urn:oasis:names:tc:SAML:2.0:status:RequesterSolution:
The above error basically means that the Identity Provider has not granted authorization to the user, resulting in a 401 error response to Legacy Control Hub.
This issue may stem from a misconfiguration of SAML settings between Legacy Control Hub and the Identity Provider. In most cases, the problem is related to the SAML keys used by Control Hub. Ensure that the public keys are valid and that the Identity Provider is utilizing the same keys. We recommend exchanging fresh copies of metadata and public keys between Legacy Control Hub and the Identity Provider. Afterward, clear your browser's cache and attempt to log in to Control Hub again. If you encounter an issue, carefully review the Login Audit entry to check if it is a different error or not. If the problem persists, please reach out to the StreamSets Support team, providing as much detail as possible to expedite the resolution process.