Introduction
Problem
When attempting to log in to Vault via the CLI using the SAML authentication method, Vault may report the error:
$ vault login -method=saml
Unknown auth method: saml. Use "vault auth list" to see the complete list of
auth methods. Additionally, some auth methods are only available via the HTTP
API.
Cause
- Using the Vault Community edition binary instead of the Vault Enterprise binary.
- The SAML authentication method is a Vault Enterprise exclusive feature introduced in Vault 1.15.0. If the client binary does not also meet the minimum version of 1.15.0, SAML authentication will be unavailable.
This can be confirmed by examining the output of the vault version command and checking for the minimum version requirement of 1.15.0 and the presence of the 'ent' string, indicating a Vault Enterprise binary:
Vault Community binary:
$ vault version
Vault v1.15.6 (615cf6f1dce9aa91bc2035ce33b9f689952218f0), built 2024-02-28T17:07:34Z
Vault Enterprise binary:
$ vault version
Vault v1.15.6+ent (42423da94cdc8f4b417e7cd5bef1298c9684a6cb), built 2024-02-28T18:21:59Z
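The same two checks can be scripted, for example to audit workstations before rolling out SAML login. This is an added example, not HashiCorp code: the function name check_saml_capable and its return codes are assumptions, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example (not HashiCorp code): classify a `vault version` line.
# Returns 0 = Enterprise and >= 1.15.0, 1 = client cannot offer SAML login,
# 2 = output not recognised (e.g. vault not installed).
check_saml_capable() {
    # Second field of the first line is the version token, e.g. v1.15.6+ent
    token=$(printf '%s\n' "$1" | awk 'NR == 1 && $1 == "Vault" { print $2 }')
    ver=${token#v}
    core=${ver%%[+-]*}      # drop "+ent" metadata or a "-rc1" style suffix
    case $core in
        *[!0-9.]*) core= ;;
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) core= ;;
    esac
    [ -n "$core" ] || { echo "unrecognised version output"; return 2; }
    major=${core%%.*}
    rest=${core#*.}
    minor=${rest%%.*}

    # Requirement 1 from the article: Enterprise binary ('ent' string).
    case $ver in
        *+ent*) ;;
        *) echo "$core is a Community binary: no SAML auth method"; return 1 ;;
    esac
    # Requirement 2 from the article: client version at least 1.15.0.
    if [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 15 ]; }; then
        echo "$core Enterprise: SAML auth method available"
        return 0
    fi
    echo "$core Enterprise is older than 1.15.0: no SAML auth method"
    return 1
}

# The two outputs shown in the article, plus one constructed older Enterprise line.
while IFS= read -r sample; do
    check_saml_capable "$sample" || :
done <<'EOF'
Vault v1.15.6 (615cf6f1dce9aa91bc2035ce33b9f689952218f0), built 2024-02-28T17:07:34Z
Vault v1.15.6+ent (42423da94cdc8f4b417e7cd5bef1298c9684a6cb), built 2024-02-28T18:21:59Z
Vault v1.14.8+ent (constructed-sample), built 2024-01-01T00:00:00Z
EOF
```

On a real workstation, pass the live output instead: check_saml_capable "$(vault version)".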
Overview of possible solutions
Solution:
Download and install the Vault Enterprise binary from https://releases.hashicorp.com/vault that matches the version in use on the Vault servers. Enterprise binaries are denoted by the 'ent' string in the name. Once it is installed locally on your computer, check the output of the vault version command again to ensure the 'ent' string is present.
Outcome
Once the correct Vault client binary is in use, users should be able to authenticate using SAML.