Problem
After you re-enable a previously disabled Single Sign-On (SSO) provider connection in HCP Terraform, attempts to connect fail, even with known working user credentials and configuration.
This issue may present itself in the following ways:
- No users are able to log in to HCP Terraform with their SSO credentials.
- The SSO Connection Test in HCP Terraform fails with a 404 error and presents the following message:
  Not Found
  Sorry, the page /sso/saml/acs could not be found.
- The SSO Connection Test in HCP Terraform succeeds, but re-enabling the connection fails and presents the following error:
  Unable to enable provider
  Cannot read properties of undefined (reading 'status')
Prerequisites
- An HCP Terraform organization where an SSO connection was successfully configured, then disabled, and is now being re-enabled.
Cause
When you create an SSO connection in HCP Terraform, it communicates with the SSO provider to exchange and validate required configuration values. If you disable and later re-enable this connection, the initial configuration that was negotiated between HCP Terraform and the SSO provider becomes invalid, causing authentication to fail.
Solution
To resolve this issue, you must delete the existing SSO connection and create a new one.
Solution 1: Recreate the SSO Connection
- Delete the invalid SSO connection from your HCP Terraform organization settings.
- Re-create the connection by following the documentation for your specific SSO provider, available in the Configuring Single Sign-On documentation.
- After creating the new connection, follow the Testing Single Sign-On guide to validate that the connection is working correctly.
- Once the test is successful, enable the connection. Users should now be able to log in to HCP Terraform using their SSO credentials.