SAML Authentication Failure

Symptom

When logging in to FME Flow with credentials from a SAML identity provider, authentication fails with a message similar to the following:

This issue may occur on Distributed installations of FME Flow that use an Apache Tomcat web application server and connect to a SAML identity provider through a reverse proxy.

Cause

The SAML login HTTP request did not send the URL of the reverse proxy to the SAML identity provider.

Resolution

  1. Append the fully-qualified hostname of your reverse proxy to the fmeserver.saml.custom.baseurl= line in the SAML application.properties file. If your FME Flow uses an Apache Tomcat web application server provided with the installation, this file is located in <FMEFlowDir>\Utilities\tomcat\webapps\fmesaml\WEB-INF\classes\.
  2. Restart FME Flow.
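
After editing the file, you can confirm that the setting is present and names the reverse proxy. The following check is an added example, not part of the FME Flow documentation or tooling. Assumptions: the function names, the sample file contents and the hostname proxy.example.com are constructed for illustration, and the value is accepted as either a bare hostname or a full URL.

```python
import sys
from urllib.parse import urlsplit

KEY = "fmeserver.saml.custom.baseurl"

# Constructed samples, not taken from a real installation.
SAMPLE_UNSET = "# SAML settings\nfmeserver.saml.custom.baseurl=\n"
SAMPLE_SET = "# SAML settings\nfmeserver.saml.custom.baseurl=proxy.example.com\n"


def read_property(text, key=KEY):
    """Return the last uncommented value of key, or None if the key is absent.

    Simplified .properties handling: '#' and '!' start comment lines and the
    last assignment wins. Line continuations are not handled.
    """
    value = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()
    return value


def check_baseurl(text, proxy_host):
    """Classify the setting as 'missing', 'empty', 'not-fqdn', 'mismatch' or 'ok'."""
    value = read_property(text)
    if value is None:
        return "missing"
    if not value:
        return "empty"
    # Assumption: tolerate both a bare hostname and a full URL as the value.
    host = urlsplit(value if "//" in value else "//" + value).hostname
    if not host:
        return "mismatch"
    if "." not in host:
        return "not-fqdn"
    return "ok" if host == proxy_host.lower() else "mismatch"


if __name__ == "__main__":
    # Usage: python check_baseurl.py <path to application.properties> <proxy FQDN>
    with open(sys.argv[1], encoding="utf-8") as fh:
        print(check_baseurl(fh.read(), sys.argv[2]))
```

A result of "empty" or "missing" corresponds to the state described under Cause; "mismatch" means the value names a host other than the reverse proxy, such as the Tomcat node itself.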