SAML SSO Azure - Entra ID - Attribute cannot be found - Solved

CMK version: 2.2.0p20 CME

Error message: Authentication failed Please contact your administrator
Error message: AttributeError: Configured user attribute cannot be found in response

I was getting the error for one and only one account. Everything was working fine, but I couldn’t find the solution until now.

I used the following resources to set up SAML authentication for CheckMK:
CheckMK Docs for SAML
Tutorial on SAML from the CheckMK YouTube channel

At the Enterprise Application you specify users and/or groups (preferably groups) to allow users to use that Application to do SSO for signing in/up to your CheckMK server.

For the SSO you add a Groups claim at “Attributes & Claims”, which you can see at 04:57 in the YouTube tutorial.
In this video the option “Which groups associated with the user should be returned in the claim” is set to “All groups”.
However, if you have more than 150 group memberships for a single user, it’s possible that during the authentication with CheckMK that group membership won’t be included because of that limit. (At least that was the problem I had.)

This can be solved by selecting the option “Groups assigned to the application” instead. See the Microsoft documentation for more info.

After selecting that option, the number of groups no longer caused issues and the authentication went smoothly; the user was provisioned like it was supposed to.

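Added example, not part of the original post and not Checkmk code: a small diagnostic for the situation described above, which reads a captured and already decoded SAML assertion and reports whether the groups attribute is present, absent, or replaced by a group overage link. The two claim URIs are assumptions based on Microsoft's SAML claim naming, and the sample assertions are constructed; substitute the attribute name configured in your own SAML connection.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed claim URIs (not from the post); replace with the attribute name
# configured in your own SAML connection.
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
OVERAGE_ATTR = "http://schemas.microsoft.com/claims/groups.link"


def assertion_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute in the XML."""
    # Offline diagnosis of a captured response only: no signature check here.
    # For untrusted XML, parse with defusedxml instead of the stdlib parser.
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def diagnose_groups(xml_text, groups_attr=GROUPS_ATTR):
    """Classify why a configured groups attribute is or is not usable."""
    attrs = assertion_attributes(xml_text)
    if attrs.get(groups_attr):
        return "ok", len(attrs[groups_attr])
    if OVERAGE_ATTR in attrs:
        return "overage", 0  # the IdP sent a link instead of the group list
    return "missing", 0


def sample_attr(name, values):
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return f'<saml:Attribute Name="{name}">{vals}</saml:Attribute>'


def sample_assertion(attribute_xml):
    # Constructed sample, trimmed to the AttributeStatement.
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f"{attribute_xml}</saml:AttributeStatement></saml:Assertion>")


NORMAL = sample_assertion(sample_attr(GROUPS_ATTR, ["00000000-0000-0000-0000-000000000001"]))
OVERAGE = sample_assertion(sample_attr(OVERAGE_ATTR, ["https://graph.example.invalid/placeholder"]))

if __name__ == "__main__":
    for label, doc in (("normal", NORMAL), ("overage", OVERAGE)):
        print(label, diagnose_groups(doc))
```

A result of "overage" for only the affected account matches the symptom in the post, where a single user with many group memberships failed while everyone else could sign in.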

Hi @erik

Thanks for proactively sharing this solution, that’s very valuable for other users!