Troubleshooting
Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.
This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Google Cloud Platform (GCP) OpenID Connect (OIDC) and Single Sign‑On for VMware Tanzu.
No Link for OIDC
Symptom:
Explanation:
- Incorrect or unavailable discovery URL. No link will appear on the login page.
No OAuth Client Found
Symptom:
Explanation:
- Incorrect OAuth Client ID configured.
Unauthorized
Symptom:
Explanation:
- Incorrect OAuth client secret configured.
Redirect URI Mismatch
Symptom:
Explanation:
- Incorrect authorization redirect URI on OAuth Client.
Empty Username
Symptom:
Explanation:
user_name
attribute was not mapped toemail
.
Unable to map claim to a username
Symptom:
Explanation:
- The scope for “email” was not configured. Select the “email” scope in your identity provider configurations.