Prisma Cloud: Error 'SAML_RESPONSE'. Expected Value: '<valid role name>'

Created On 05/27/22 01:53 AM - Last Modified 01/08/26 17:16 PM


Symptom


Logging into the Prisma Cloud Console fails with an error reporting an unexpected value for a required field:
'SAML_RESPONSE'
Expected Value: '<valid role name>'


Screen_Shot_2022-05-26_at_9_40_31_PM-2.jpg

 
 


Environment


  • Prisma Cloud
  • Identity Provider Initiated (IdP-initiated)
  • SSO (Single Sign-On)


Cause


Role Name is missing in Prisma Cloud Settings.

Resolution


The error screenshot above shows that the Identity Provider (IdP) is forwarding ROLE=[System], so create a role named System in Prisma Cloud under Settings > Access Control > Roles (as seen in the image below).

Note:
The Identity Provider (IdP) role name must match the Prisma Cloud role name exactly; the match is case-sensitive.

Example:

Name: System

GUI: Log into Prisma Cloud Console > Settings > Access Control > Roles > Edit Role 

Screen Shot 2022-05-26 at 10.03.06 PM.png
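
A diagnostic check for the mismatch described above, as an added example that is not Palo Alto Networks code: it decodes a captured base64 SAMLResponse, extracts the role attribute values, and compares them case-sensitively with the role names defined in the console. The attribute name ROLE, the sample response, and the console role list are constructed assumptions; use the attribute name and roles from your own SSO settings.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (unsigned, diagnostics only); not taken from the article.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:AttributeStatement><saml:Attribute Name="ROLE">'
    '<saml:AttributeValue>System</saml:AttributeValue>'
    '<saml:AttributeValue>system admin</saml:AttributeValue>'
    '</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def role_values(saml_response_b64, role_attribute="ROLE"):
    """Return the role attribute values from a base64 SAMLResponse (signature is NOT verified)."""
    raw = base64.b64decode(saml_response_b64)
    if b"<!DOCTYPE" in raw:  # a SAML response never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML response")
    root = ET.fromstring(raw)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == role_attribute:
            values += [(v.text or "") for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
    return values

def check_roles(idp_roles, console_roles):
    """Classify each IdP role value against the console role names (exact, case-sensitive)."""
    result = {}
    for role in idp_roles:
        if role in console_roles:
            result[role] = "match"
        elif role.strip() in console_roles:
            result[role] = "whitespace differs"
        elif any(role.strip().lower() == r.lower() for r in console_roles):
            result[role] = "case differs"
        else:
            result[role] = "missing"
    return result

if __name__ == "__main__":
    console = {"System", "System Admin"}  # constructed list of console role names
    for role, status in check_roles(role_values(SAMPLE_B64), console).items():
        print(f"{role!r}: {status}")
```

Any value reported as anything other than "match" will trigger the error shown in this article until the IdP value or the console role name is corrected.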



Additional Information


Set up SSO Integration on Prisma Cloud 
