Troubleshooting

No Link for OIDC
No OAuth Client Found
Unauthorized
Redirect URI Mismatch
Empty Username
Unable to map claim to a username

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Google Cloud Platform (GCP) OpenID Connect (OIDC) and Single Sign‑On for VMware Tanzu.

No Link for OIDC

Symptom:

Dialog box says welcome to Example, Email,
Password and fields and a sign-in button.

Explanation:

Incorrect or unavailable discovery URL. No link will appear on the login page.

No OAuth Client Found

Symptom:

Gcp no client

Explanation:

Incorrect OAuth Client ID configured.

Unauthorized

Symptom:

Gcp unauthorized

Explanation:

Incorrect OAuth client secret configured.

Redirect URI Mismatch

Symptom:

Gcp mismatch

Explanation:

Incorrect authorization redirect URI on OAuth Client.

Empty Username

Symptom:

Gcp empty

Explanation:

user_name attribute was not mapped to email.

Unable to map claim to a username

Symptom:

Gcp empty

Explanation:

The scope for “email” was not configured. Select the “email” scope in your identity provider configurations.

Create a pull request or raise an issue on the source for this page in GitHub