FME Flow: 2024.2

SAML Authentication Failure

Symptom

When logging in to FME Flow with credentials from a SAML identity provider, authentication fails with a message similar to the following:

This issue may occur on Distributed installations of FME Flow that use an Apache Tomcat web application server, and connect to a SAML identity provider through a reverse proxy.

Cause

The SAML login HTTP request did not send the URL of the reverse proxy to the SAML identity provider.

Resolution

  1. Append the URL of your reverse proxy to the fmeserver.saml.custom.baseurl= line in the SSO application.properties file. If your FME Flow uses an Apache Tomcat web application server provided with the installation, this file is located in <FMEFlowDir>\Utilities\tomcat\webapps\fmesaml\WEB-INF\classes\.

    2. For example:

    fmeserver.saml.custom.baseurl=https://myserver

  2. Restart FME Flow.