Problem
When attempting to log in to Terraform Enterprise using SAML, you may encounter the following error message.
An error occurred. Please contact your TFE Administrator for further information. ERROR: Issuer of the Assertion not found or multiple.
Prerequisites
- Terraform Enterprise with SAML enabled.
Cause
This error occurs when the SAML settings in Terraform Enterprise do not match the configuration in your SSO identity provider. Specifically, this can happen if the following features are enabled in the Terraform Enterprise SAML configuration but are misaligned with the identity provider's settings:
- Enable AuthnRequestsSigned
- Enable WantAssertionsSigned
Solutions
Solution 1: Verify SSO Identity Provider Settings
Work with the team responsible for your SSO identity provider to verify that the SAML configuration settings in Terraform Enterprise match the settings on the provider's side. Ensure that settings for signed authentication requests and assertions are consistent across both systems.
Solution 2: Decode the SAML Assertion
To get more details about the mismatch, capture and decode the SAML assertion. Follow the steps in the guide on Capturing a SAML Assertion to analyze the assertion data and identify the specific configuration discrepancy.
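Once the assertion is captured, a short script can report where the Issuer and Signature elements actually sit. The following is an added example, not part of the original article or of Terraform Enterprise; the function names and the sample response are constructed for illustration, and it assumes the base64 SAMLResponse value from an HTTP-POST login.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _issuers(el):
    return [(i.text or "").strip() for i in el.findall("saml:Issuer", NS)]

def _signed(el):
    return el.find("ds:Signature", NS) is not None  # direct child only

def inspect_saml_response(b64_response):
    """Summarise Issuer/Signature placement. Inspection only: verifies nothing."""
    xml = base64.b64decode(b64_response)  # HTTP-POST binding: plain base64
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD or entity declaration found; refusing to parse")
    root = ET.fromstring(xml)
    return {
        "response_issuers": _issuers(root),
        "response_signed": _signed(root),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "assertions": [{"issuers": _issuers(a), "signed": _signed(a)}
                       for a in root.findall("saml:Assertion", NS)],
    }

def findings(report):
    """List discrepancies tied to the error text and the signing settings."""
    out = []
    if report["encrypted_assertions"]:
        out.append("assertion is encrypted; decrypt it before inspecting")
    for n, a in enumerate(report["assertions"]):
        if len(a["issuers"]) != 1:
            out.append(f"assertion {n}: {len(a['issuers'])} Issuer elements, expected 1")
        if not a["signed"]:
            out.append(f"assertion {n}: unsigned, fails if WantAssertionsSigned is on")
    return out

# Constructed sample: signed Response whose Assertion has no Issuer or Signature.
SAMPLE = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    b' xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    b'<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    b'<ds:Signature/><saml:Assertion><saml:Subject/></saml:Assertion>'
    b'</samlp:Response>').decode()

if __name__ == "__main__":
    print("\n".join(findings(inspect_saml_response(SAMPLE))))
```

A signature on the Response alone does not show up as a signed assertion here, which is the distinction to raise with the identity provider team.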
Outcome
After aligning the SAML configurations, you should be able to log in to Terraform Enterprise successfully using SAML.
Additional Information
- For more details on configuring SAML in Terraform Enterprise, refer to the official SAML Configuration documentation.