Custom Application Username Causes Internal System Error Skip to main content
https://support.okta.com/help/answers?id=906f0000000bluriay&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Jeff MinardJeff Minard 

Custom Application Username Causes Internal System Error

I apologize for making this a "question" instead of a support request -- but the support request feature was giving me an "internal error". So...go figure.

I have (two now) applications that I want to use `${user.employeeNumber}` as the SAML "Application username" and when it is set up as such I can't add any users to the application. When I add the 'everyone' group the login process fails, telling me I'm not authorized :)

When I attempt to add the user to the application(s) from the user's profile page, I get a 500 error response, one example of the return content is:
 
{"errorCode":"E0000009","errorSummary":"Internal Server Error","errorLink":"E0000009","errorId":"oae_s0ehfWVTPeP7tOOzAMHpw","errorCauses":[]}

Thanks!
Best Answer chosen by Jeff Minard
api-workday api-workdayapi-workday api-workday
HI Jeff,

The full expression language isn't available when using custom expressions to assign the application username format in the 'Sign On' tab.
  1. If you go to Director->Profile Editor-Profiles Mappings
  2. Select the Mapping for the Apps in question
  3. Select the 'Okta to App in question'
  4. Override the username mapping and define
    1. user.employeeNumber maps to app.userName (or user.employeeID != null ? source.employeeID : 000000)
    2. select the appropriate 1 time or all time mapping
  5. Select 'Save Mappings'
  6. If you have the mapping set to apply mapping on user create and update you can select the option to Apply updates now to update the username for existing application assginments.
If you are already setting it up this way and getting those errors i'm at a loss.
-Matt

 

All Answers

api-workday api-workdayapi-workday api-workday
HI Jeff,

The full expression language isn't available when using custom expressions to assign the application username format in the 'Sign On' tab.
  1. If you go to Director->Profile Editor-Profiles Mappings
  2. Select the Mapping for the Apps in question
  3. Select the 'Okta to App in question'
  4. Override the username mapping and define
    1. user.employeeNumber maps to app.userName (or user.employeeID != null ? source.employeeID : 000000)
    2. select the appropriate 1 time or all time mapping
  5. Select 'Save Mappings'
  6. If you have the mapping set to apply mapping on user create and update you can select the option to Apply updates now to update the username for existing application assginments.
If you are already setting it up this way and getting those errors i'm at a loss.
-Matt

 
This was selected as the best answer
Jeff MinardJeff Minard
That worked!

It's...kinda out of the way, and the option I was setting (during application setup) seems like it should have done the trick. Just some feedback.