Troubleshooting

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Google Cloud Platform (GCP) OpenID Connect (OIDC) and Single Sign‑On for VMware Tanzu.

Symptom:

[Screenshot: dialog box that says "Welcome to Example", with Email and Password fields and a Sign In button.]

Explanation:

  • The discovery URL is incorrect or unavailable, so no link appears on the login page.

No OAuth Client Found

Symptom:

[Screenshot: GCP no client]

Explanation:

  • Incorrect OAuth Client ID configured.

Unauthorized

Symptom:

[Screenshot: GCP unauthorized]

Explanation:

  • Incorrect OAuth client secret configured.

Redirect URI Mismatch

Symptom:

[Screenshot: GCP mismatch]

Explanation:

  • Incorrect authorization redirect URI on OAuth Client.

Empty Username

Symptom:

[Screenshot: GCP empty]

Explanation:

  • user_name attribute was not mapped to email.

Unable to map claim to a username

Symptom:

[Screenshot: GCP empty]

Explanation:

  • The scope for “email” was not configured. Select the “email” scope in your identity provider configuration.
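
The discovery URL, redirect URI, user_name mapping, and email scope errors above can be caught before a login attempt by checking the settings offline. The following is an added example, not code from the product: the `cfg` keys, the `/callback` path, and the hostnames are assumptions, and the discovery document is a constructed sample. An incorrect client ID or secret cannot be detected this way.

```python
# Added example: offline pre-flight check for an OIDC identity provider config.
# The cfg keys and sample values are assumptions, not the product's schema.
WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED_METADATA = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def preflight(cfg, discovery_doc, registered_redirect_uris):
    """Return the names of the errors on this page that cfg would trigger."""
    findings = []
    url = cfg["discovery_url"]
    if not (url.startswith("https://") and url.endswith(WELL_KNOWN)):
        findings.append("discovery URL malformed")
    elif discovery_doc is None:
        findings.append("discovery URL unavailable")
    else:
        missing = [k for k in REQUIRED_METADATA if not discovery_doc.get(k)]
        # OIDC Discovery: issuer must equal the URL with the well-known suffix removed.
        if missing or discovery_doc["issuer"] != url[: -len(WELL_KNOWN)]:
            findings.append("discovery document invalid")
    # Compared here as exact strings: a trailing slash, a case difference
    # or http instead of https counts as a mismatch.
    if cfg["redirect_uri"] not in registered_redirect_uris:
        findings.append("Redirect URI Mismatch")
    if cfg["attribute_mappings"].get("user_name") != "email":
        findings.append("Empty Username")
    if "email" not in cfg["scopes"]:
        findings.append("Unable to map claim to a username")
    return findings


# Constructed sample input (hypothetical redirect host and path).
SAMPLE_DOC = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs",
}
SAMPLE_CFG = {
    "discovery_url": "https://accounts.google.com/.well-known/openid-configuration",
    "redirect_uri": "https://login.example.com/callback/",  # trailing slash
    "scopes": ["openid"],  # "email" missing
    "attribute_mappings": {"user_name": "email"},
}
REGISTERED = ["https://login.example.com/callback"]

if __name__ == "__main__":
    for finding in preflight(SAMPLE_CFG, SAMPLE_DOC, REGISTERED):
        print(finding)
```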