Troubleshooting

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu Application Service.

Page last updated:

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Google Cloud Platform (GCP) OpenID Connect (OIDC) and Single Sign‑On for VMware Tanzu Application Service.

No Link for OIDC

Symptom:

Explanation:

• Incorrect or unavailable discovery URL. No link will appear on the login page.

No OAuth Client Found

Symptom:

Explanation:

• Incorrect OAuth Client ID configured.

Unauthorized

Symptom:

Explanation:

• Incorrect OAuth client secret configured.

Redirect URI Mismatch

Symptom:

Explanation:

• Incorrect authorization redirect URI on OAuth Client.

Empty Username

Symptom:

Explanation:

• user_name attribute was not mapped to email.

Unable to map claim to a username

Symptom:

Explanation:

• The scope for “email” was not configured. Select the “email” scope in your identity provider configurations.