Alteryx Server Discussions

sdk-altx

Hi,

I have set up a new Server install of Alteryx and configured the System settings including setting up SAML authentication. Verified IDP with my user account.

When i try and sign in from the gallery page to start configuring users i have a message saying:

Page Not Found

The page you are trying to reach does not exist.

Checking the SSO logs (alteryx-sso-date.csv) in C:\ProgramData\Alteryx\logs i have four lines at attempted sign in time which suggest everything is ok.

SustainSys: Signature validation passed for Saml Response

SustainSys: Extracted SAML assertion

SustainSys: Validated conditions for SAML2 Response

'HmacSha256Token' successfully created for userId:

I have rechecked the claims on the IDP and everything looks ok. Are the above logged lines normal for SAML connection? Am i missing something else?

I have also logged into the mongodb and confirmed that the default gallery administrator account has been created and its not locked. I can also see that the user account has a role of 'Evaluated' which i assume is expected? I have updated this to 'Curator' from the mongodb but still with no success to sign and always get the above error.

Version: 2024.1 Patch 4

I would really appreciate any help with this issue. Thanks !

fmvizcaino

Hi @sdk-altx ,

It seems you did your homework and know what you are doing. I would look at the rows after those four and check the claims for anything weird.

You probably saw this already, but just in case you haven`t. https://knowledge.alteryx.com/index/s/article/Error-Page-Not-Found-after-authenticating-via-OKTA-Ide...

There, you will see what to expect in your log file related to the claims.

Since you have already changed things on your MongoDB, I would delete it and start with a fresh mongoDB just in case.

Best,

Fernando Vizcaino

sdk-altx

Hi @fmvizcaino

Thanks for your reply.

Yes i have seen that knowledge base article. We are using Entra ID for the IDP. I have tried amending the claims but i believe the claims are ok as when i change them to something obviously incorrect i see this logged as an issue in the SSO log but no issue reported in this log file when i configure the claims as documented.

In the SSO log after these four lines there is nothing else logged. What could this indicate as the issue?

I have two separate installs of Alteryx (Test and Prod) with their own IDP app. I have only updated the database on the Test install. I have the same issues with both the Test and Prod install.

Thanks for help.

fmvizcaino

Hi @sdk-altx ,

I have never configured SAML for EntraID so I`m not sure if only having those 4 lines is expected. What I can say is that for AzureAD and Okta, the claims will show in the log file.

What do you see when you click on verify IDP? One thing that you can verify is if Entra can reach your Alteryx server. Turning off the firewall might simplify this step.

I will share some links that I found while trying to answer your question.

https://learn.microsoft.com/en-us/entra/identity/saas-apps/alteryx-server-tutorial

https://community.alteryx.com/t5/Engine-Works/Alteryx-Architectures-SAML-SSO-Authentication/ba-p/895...

Best,

Fernando Vizcaino

sdk-altx

Hi @fmvizcaino

Thanks a lot for your help.

Verify IDP was responding with Success as expected.

The issue was related to us using a Load Balancer before the Alteryx server and because of this we had to move to using SSL/TLS End to End as documented in the below.

https://knowledge.alteryx.com/index/s/article/Requirements-for-Configuring-Alteryx-Server-with-a-Loa...

Once we did this we were able to login to gallery as expected.

When this was working successfully we still never got any additional logs in the alteryx-sso log other than the same 4 lines.

Thanks again for your help.