Description: When trying to connect to the VPN via SAML using your OpenVPN Access Server, you receive this error:
Mismatch between provided username 'UserA' and username provided by SAML Identity provider 'UserB'
Access Server compares the username presented by the client (the user that the user-locked client profile belongs to, or the name typed in when using a server-locked profile) with the username that the SAML Identity Provider returns in its assertion. The error appears whenever the two differ. Below are the common reasons for this and how to solve each one:
1. You set SAML as the default authentication system under "Authentication > Settings" and you're trying to connect to the VPN using a client profile for a PAM, LOCAL, RADIUS, or LDAP User:
In this scenario, you connect with the client profile for the user "test", which is a LOCAL user, while the user allocated on the SAML IdP is "brandon.jimenez@openvpn.net". The two names can never match, so the error appears.
To fix the error in this situation, ensure you use the client profile for a valid SAML user allocated on your SAML IdP side and associated with your SAML application.
2. You set SAML as the default authentication system under "Authentication > Settings" and you're trying to connect to the VPN using a client profile for a SAML user from IdP1 (such as Google Workspace), but your Access Server is configured for a different IdP2 (such as OKTA) where the user has another name:
In this scenario, you connect with a client profile for the user "brandon-saml@openvpngsuite.dev", a SAML user on Google Workspace. However, you've configured your OpenVPN Access Server with the SAML settings of a different SAML IdP, such as OKTA, where the user is "brandon.jimenez@openvpn.net".
To fix the error in this situation, ensure you use a client profile for a valid SAML user allocated on your SAML IdP side and associated with your SAML application. Also, ensure you have the correct SAML settings on your OpenVPN Access Server for the SAML IdP that you want to connect with.
3. You set SAML as the default authentication system under "Authentication > Settings" and you're trying to connect to the VPN using a server-locked profile, but you type a user that doesn't exist in your SAML IdP:
For instance, you use a server-locked profile and type "brandon-saml@openvpngsuite.dev", which is a SAML user on Google Workspace (any value can be typed in the password field, since the SAML IdP performs the actual authentication).
But the SAML IdP configured on your Access Server is OKTA, where that user does not exist, so you get the same error.
When using a server-locked profile, the solution is to make sure to type a valid SAML user allocated on your SAML IdP side and associated with your SAML application. Also, ensure you have the correct SAML settings on your OpenVPN Access Server for the SAML IdP that you want to connect with.
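The three scenarios above come down to one comparison, and the quickest way to confirm which side is wrong is to look at the NameID the IdP actually returns. The following Python script is an added example, not code from OpenVPN Access Server: it decodes a SAMLResponse, extracts the Subject NameID, and reproduces the article's mismatch check against the username the client presented. The sample responses are constructed here, the helper names (`name_id_from_response`, `check_username`, `diagnose`) are this example's own, and the exact (case-sensitive) comparison is an assumption of this example rather than a statement about how Access Server matches names. A real SAML consumer must also validate the assertion signature, audience and timestamps, which this diagnostic deliberately skips.

```python
"""Reproduce the Access Server SAML username mismatch check offline.

Added example, not OpenVPN code. The SAMLResponse samples are constructed,
unsigned and for illustration only.
"""
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# SAML 2.0 namespaces used by a standard Response/Assertion pair.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def name_id_from_response(saml_response_b64: str) -> str:
    """Return the Subject NameID from a base64-encoded SAMLResponse.

    This is the 'username provided by SAML Identity provider' in the error
    message: the value the IdP (OKTA, Google Workspace, ...) asserted.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("SAML response carries no Subject NameID")
    return node.text.strip()


def check_username(presented_user: str, saml_response_b64: str) -> str:
    """Return presented_user if it equals the asserted NameID.

    presented_user is the user of a user-locked profile, or the name typed
    into a server-locked profile. Exact comparison is an assumption here.
    """
    idp_user = name_id_from_response(saml_response_b64)
    if presented_user != idp_user:
        raise ValueError(
            f"Mismatch between provided username '{presented_user}' and "
            f"username provided by SAML Identity provider '{idp_user}'"
        )
    return presented_user


def diagnose(presented_user: str, saml_response_b64: str) -> str:
    """Return 'ok' or the mismatch error text, without raising."""
    try:
        check_username(presented_user, saml_response_b64)
        return "ok"
    except ValueError as err:
        return str(err)


def build_sample_response(name_id: str) -> str:
    """Build a constructed, minimal, unsigned SAMLResponse (base64)."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_response1" Version="2.0">'
        '<saml:Assertion ID="_assertion1" Version="2.0">'
        "<saml:Subject>"
        '<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:'
        f'emailAddress">{escape(name_id)}</saml:NameID>'
        "</saml:Subject></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Access Server configured for OKTA, where the user is brandon.jimenez.
    okta = build_sample_response("brandon.jimenez@openvpn.net")
    # Scenario 1: profile of the LOCAL user "test".
    print(diagnose("test", okta))
    # Scenarios 2 and 3: a Google Workspace user name against an OKTA login.
    print(diagnose("brandon-saml@openvpngsuite.dev", okta))
    # The fix: present the user that exists on the configured IdP.
    print(diagnose("brandon.jimenez@openvpn.net", okta))
```

To use it against a live login, capture the base64 SAMLResponse the IdP posts back to the Access Server ACS URL (a browser SAML tracer extension or the developer tools network tab shows it), pass it to `name_id_from_response`, and compare the result with the username in the client profile; the value that differs is the one to correct.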
If you have additional questions, please submit a ticket.