How to fix the SAML provisioning rules that are not working in early versions of 23.4?
Issue Description:
In early 23.4 releases (23.4.0-23.4.4), SAML provisioning rules may not function as expected. This prevents proper integration and functionality of SAML authentication and affects user access and system operations that rely on these rules.
Resolution:
A specific setting in the identity-service ConfigMap object needs to be updated. Do this by running the following kubectl commands on the Automation Suite host:
```bash
# Patch the identity-service ConfigMap in the uipath namespace.
kubectl patch configmap identity-service -n uipath --type=merge -p '{"data":{"AppSettings__Directory__EnableDynamicGroupComputation":"true"}}'

# Restart the identity-service-api deployment for the change to take effect.
kubectl rollout restart -n uipath deploy/identity-service-api
```
Steps to Implement the resolution:
- Access the Kubernetes Environment: Log in to the Kubernetes cluster where the Automation Suite is deployed.
- Execute the Patch Command: Run the above kubectl command. This command patches the identity-service ConfigMap in the uipath namespace. It sets AppSettings__Directory__EnableDynamicGroupComputation to true, enabling the application to dynamically compute group memberships.
- Restart the Identity Service API: After applying the patch, run the subsequent command listed above to perform a rolling restart of the identity-service-api deployment.
- Test SAML Provisioning Rules: Conduct tests to confirm that the SAML provisioning rules are now working as expected.
- 'identity-service' configmap prior to patching
- 'identity-service' configmap after patching
- Example of provisioning rule configuration
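
The steps above as one idempotent script, added here as an example and not part of the original article: it reads the current value, saves a copy of the ConfigMap, patches and restarts only when the value is not already `true`, waits for the rollout, and re-checks the value. The function names, the backup file name, the `--apply` switch and the 300-second timeout are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): check, patch, restart, verify.
NS="uipath"
CM="identity-service"
KEY="AppSettings__Directory__EnableDynamicGroupComputation"
DEPLOY="deploy/identity-service-api"

# Decide what to do from the key's current value: "ok" only for exactly "true".
plan_action() {
  if [ "${1:-}" = "true" ]; then echo ok; else echo patch; fi
}

# Build the same merge patch the article passes to `kubectl patch -p`.
patch_json() {
  printf '{"data":{"%s":"true"}}' "$KEY"
}

# Read the key from the live ConfigMap (empty output if the key is absent).
current_value() {
  kubectl get configmap "$CM" -n "$NS" -o "jsonpath={.data.$KEY}"
}

apply_fix() {
  local before after
  before="$(current_value)" || return 1
  echo "before: $KEY='$before'"
  if [ "$(plan_action "$before")" = "patch" ]; then
    # Keep the unpatched object so the change can be rolled back.
    kubectl get configmap "$CM" -n "$NS" -o yaml > "$CM-backup.yaml" || return 1
    kubectl patch configmap "$CM" -n "$NS" --type=merge -p "$(patch_json)" || return 1
    # Restart so the pods start with the updated ConfigMap, as in the article.
    kubectl rollout restart -n "$NS" "$DEPLOY" || return 1
  fi
  # Block until the deployment's rollout is complete (timeout is an assumption).
  kubectl rollout status -n "$NS" "$DEPLOY" --timeout=300s || return 1
  after="$(current_value)" || return 1
  echo "after:  $KEY='$after'"
  [ "$(plan_action "$after")" = "ok" ]
}

# Touch the cluster only when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--apply" ]; then
  apply_fix
fi
```

If the value is already `true` the script skips the restart; when the ConfigMap was patched earlier without a restart, run the `kubectl rollout restart` command from the article once by hand.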