Fixing 500 Error in Terraform Cloud When Linking Azure AD for User Creation

Avatar
Johnny | Terraform Support
  • Updated

Problem

When creating a Terraform Cloud account using a Single Sign-On (SSO) linked workflow, some users may encounter a 500 error after submitting account details. This issue commonly arises when Microsoft Azure AD is used as the Identity Provider (IdP), and the user's assertion contains an invalid value for Terraform Cloud usernames.

Prerequisites

  • Users who are utilizing Microsoft Azure AD for their IdP during the Terraform Cloud account creation workflow.

Cause

The error occurs when the user's Azure AD attribute http://schemas.microsoft.com/identity/claims/displayname contains a space between the first and last names. This value is then used as the Username in Terraform Cloud, which triggers the error. You can validate the contents of the value that Terraform Cloud is receiving by Capturing a SAML Assertion as seen by the example below.

<Attribute Name="http://schemas.microsoft.com/identity/claims/displayname">
<AttributeValue>FirstName LastName</AttributeValue>

<Attribute Name="Username">
<AttributeValue>FirstName LastName</AttributeValue>

Solution

To resolve this issue, have your IdP admin follow these steps:

  1. Access the Azure AD User Attributes & Claims attributes settings.
  2. Locate the attribute http://schemas.microsoft.com/identity/claims/displayname in the attribute list.
  3. Replace the attribute value user.displayname with user.mailnickname.
  4. Save the changes.
  5. Restart the account creation process using your IdP provided App link for Terraform Cloud.

If a new SAML Assertion is captured, you should now see the Username value without a space between names.

<Attribute Name="Username">
<AttributeValue>FirstNameLastName</AttributeValue>

You can find detailed instructions in the Terraform Cloud documentation here.

Outcome

After making the necessary attribute changes, try creating a Terraform Cloud account again using the IdP provided app link for Terraform Cloud. The 500 error should no longer occur upon submission.

Additional Information

Please reach out to the Terraform Cloud Support team for additional help if needed.

Articles in this section

See more

Related articles