On the Remote Application Server, two notifications appear (username is the name of the user):
- SAML - User "username" - Failed to find AD user for username
- SAML: Failed to Identify User from Assertion
In the controller.log file of the Remote Application Server, a similar error is logged:
[I 06/0000000E/T22E8/P0E74] 19-12-22 13:42:45 - User (administrator) connected from client (10.1.10.31:49495), machine (html5-a3dd1585)(FF-FF-A3-DD-15-85) mode Gateway SSL, using OS: HTML5, Client version: 19.1.0 (build 23468).
[E 72/00000006/T22E8/P0E74] 19-12-22 13:42:45 - SAML - User:'Administrator' - Failed to find AD user for Administrator
[E 0E/0000002C/T22E8/P0E74] 19-12-22 13:42:45 - SAML: Failed to Identify User from Assertion
In the User Portal, the user sees this message:
Logon using SAML failed. Error: Failed to match AD User. (0X00000006)
The user's UPN (userPrincipalName) is missing in Active Directory.
Verify that a userPrincipalName is set for this particular user in Active Directory.
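
One way to run this check for every account named in the log errors above. This PowerShell script is an added example, not Parallels code. It assumes the ActiveDirectory module is installed, that the name in the log entry is the account's sAMAccountName, and that `$ControllerLog` (a hypothetical parameter) points to a copy of controller.log:

```powershell
# Added example. Needs the ActiveDirectory module (RSAT) and read access to the domain.
param(
    # Path to a copy of controller.log (hypothetical parameter; the page gives no path).
    [string] $ControllerLog
)
Import-Module ActiveDirectory -ErrorAction Stop

# Without a path, fall back to the two error lines quoted on this page.
$sample = @'
[E 72/00000006/T22E8/P0E74] 19-12-22 13:42:45 - SAML - User:'Administrator' - Failed to find AD user for Administrator
[E 0E/0000002C/T22E8/P0E74] 19-12-22 13:42:45 - SAML: Failed to Identify User from Assertion
'@
$lines = if ($ControllerLog) { Get-Content -LiteralPath $ControllerLog } else { $sample -split '\r?\n' }

# Collect each distinct name from the "Failed to find AD user for <name>" entries.
$pattern = 'SAML - User:''[^'']*'' - Failed to find AD user for (?<name>.+)$'
$names = $lines | Select-String -Pattern $pattern |
    ForEach-Object { $_.Matches[0].Groups['name'].Value.Trim() } |
    Sort-Object -Unique

$report = foreach ($name in $names) {
    # Assumption: the logged name is the sAMAccountName. The variable is passed
    # to -Filter by reference, so log content is never pasted into the query text.
    $user = Get-ADUser -Filter 'SamAccountName -eq $name' -Properties userPrincipalName

    if (-not $user) {
        $status = 'No account with this sAMAccountName'
    } elseif ([string]::IsNullOrWhiteSpace($user.UserPrincipalName)) {
        $status = 'userPrincipalName is empty'
    } else {
        $status = 'userPrincipalName is set'
    }

    [pscustomobject]@{
        LoggedName        = $name
        Status            = $status
        UserPrincipalName = if ($user) { $user.UserPrincipalName } else { $null }
    }
}

$report | Format-Table -AutoSize
```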