René's URL Explorer Experiment


Title: Unable to login to SAML account when 2fa is enabled · Issue #12583 · apache/cloudstack · GitHub

Open Graph Title: Unable to login to SAML account when 2fa is enabled · Issue #12583 · apache/cloudstack

X Title: Unable to login to SAML account when 2fa is enabled · Issue #12583 · apache/cloudstack

Description: problem Unable to login to SAML account when 2fa is enabled versions ACS 4.20.x and 4.22 The steps to reproduce the bug As a admin create a SAML account Enable 2fa on the SAML account https://docs.cloudstack.apache.org/en/4.22.0.0/adming...

Open Graph Description: problem Unable to login to SAML account when 2fa is enabled versions ACS 4.20.x and 4.22 The steps to reproduce the bug As a admin create a SAML account Enable 2fa on the SAML account https://docs....

X Description: problem Unable to login to SAML account when 2fa is enabled versions ACS 4.20.x and 4.22 The steps to reproduce the bug As a admin create a SAML account Enable 2fa on the SAML account https://docs....

Opengraph URL: https://github.com/apache/cloudstack/issues/12583

X: @github

direct link

Domain: github.com


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Unable to login to SAML account  when 2fa is enabled","articleBody":"### problem\n\nUnable to login to SAML account  when 2fa is enabled \n\n### versions\n\nACS 4.20.x and 4.22\n\n### The steps to reproduce the bug\n\n1. As a admin create a SAML account\n\n2. Enable 2fa on the SAML account \n\nhttps://docs.cloudstack.apache.org/en/4.22.0.0/adminguide/accounts.html#using-two-factor-authentication-for-users\n\n3. Login as SAML user \n\n4. Unable to login \n\nlogs \n\n```\n\n\n2026-02-04 05:17:32,994 DEBUG [c.c.a.ApiServlet] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) ===START===  10.0.3.251 -- POST  command=samlSso\ncommand=samlSso\nSAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfN2U2OGNmYzVjODZmMWNjNGQ5NTVlMGU3MTVmNDA3YmNmYmQ4ZWMwMjkxIiBWZXJzaW9bWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIE5hbWU9ImVkdVBlcnNvbkFmZmlsaWF0aW9uIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OmJhc2ljIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4c2k6dHlwZT0ieHM6c3RyaW5nIj5ncm91cDE8L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iZW1haWwiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6YmFzaWMiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhzaTp0eXBlPSJ4czpzdHJpbmciPnVzZXIxQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PC9zYW1sOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWw6QXNzZXJ0aW9uPjwvc2FtbHA6UmVzcG9uc2U+\n\n2026-02-04 05:17:32,995 DEBUG [c.c.a.ApiSessionListener] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Session destroyed by Id : node0vpgb28zblh3yfqbwbg2fxs1f27 , session: Session@17aabbed{id=node0vpgb28zblh3yfqbwbg2fxs1f27,x=node0vpgb28zblh3yfqbwbg2fxs1f27.node0,req=1,res=true} , source: Session@17aabbed{id=node0vpgb28zblh3yfqbwbg2fxs1f27,x=node0vpgb28zblh3yfqbwbg2fxs1f27.node0,req=1,res=true} , event: javax.servlet.http.HttpSessionEvent[source=Session@17aabbed{id=node0vpgb28zblh3yfqbwbg2fxs1f27,x=node0vpgb28zblh3yfqbwbg2fxs1f27.node0,req=1,res=true}]\n2026-02-04 05:17:32,995 DEBUG [c.c.a.ApiSessionListener] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Session created by Id : node0k64urmb81dab1bu9i7ftdchal28 , session: Session@6c27b82d{id=node0k64urmb81dab1bu9i7ftdchal28,x=node0k64urmb81dab1bu9i7ftdchal28.node0,req=1,res=true} , source: Session@6c27b82d{id=node0k64urmb81dab1bu9i7ftdchal28,x=node0k64urmb81dab1bu9i7ftdchal28.node0,req=1,res=true} , event: javax.servlet.http.HttpSessionEvent[source=Session@6c27b82d{id=node0k64urmb81dab1bu9i7ftdchal28,x=node0k64urmb81dab1bu9i7ftdchal28.node0,req=1,res=true}]\n2026-02-04 05:17:33,042 DEBUG [o.a.c.a.c.SAML2LoginAPIAuthenticatorCmd] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Received SAMLResponse in response to id=vgr7m6hlig0bvkd52fir0lrpp84q82p7\n2026-02-04 05:17:33,048 DEBUG [o.a.c.s.SAMLUtils] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) SAML attribute name: uid friendly-name:null value:1\n2026-02-04 05:17:33,048 DEBUG [o.a.c.s.SAMLUtils] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) SAML attribute name: eduPersonAffiliation friendly-name:null value:group1\n2026-02-04 05:17:33,048 DEBUG [o.a.c.s.SAMLUtils] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) SAML attribute name: email friendly-name:null value:user1@example.com\n2026-02-04 05:17:33,052 DEBUG [c.c.u.AccountManagerImpl] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Attempting to log in user: user1@example.com in domain 2\n2026-02-04 05:17:33,053 DEBUG [o.a.c.s.SAML2UserAuthenticator] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Trying SAML2 auth for user: user1@example.com\n2026-02-04 05:17:33,060 DEBUG [c.c.u.AccountManagerImpl] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) CIDRs from which account 'Account [{\"accountName\":\"user1@example.com\",\"id\":11,\"uuid\":\"547e824c-ecba-47b2-80c0-8aed18ec5939\"}]' is allowed to perform API calls: 0.0.0.0/0,::/0\n2026-02-04 05:17:33,068 DEBUG [c.c.u.AccountManagerImpl] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) User: user1@example.com in domain 2 has successfully logged in, auth time duration - 16 ms\n2026-02-04 05:17:33,068 INFO  [c.c.a.ApiServer] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Current user logged in under UTC timezone\n2026-02-04 05:17:33,069 INFO  [c.c.a.ApiServer] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Timezone offset from UTC is: 0.0\n2026-02-04 05:17:33,074 DEBUG [o.a.c.s.SAMLUtils] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) Adding sessionkey cookie to response: sessionkey=O4vrRCga2nZfxIHxVAYuJNRPGGY;Domain=10.0.33.194;Path=/client;SameSite=Lax\n2026-02-04 05:17:33,075 DEBUG [c.c.a.ApiServlet] (qtp1390913202-25:[ctx-0168cb72]) (logid:a018986f) ===END===  10.0.3.251 -- POST  command=samlSso\ncommand=samlSso\nSAMLResponse=PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfN2U2OGNmYzVjODZmMWNjNGQ5NTVlMGU3MTVmNDA3YmNmYmQ4ZWMwMjkxIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyNi0wMi0wNFQwNToxNzozMloiIERlc3RpbmF0aW9uPSJodHRwOi8vMTAuMC4zMy4xOTQ6ODA4MC9jbGllbnQvYXBpP2\n\n```\n\n\n### What to do about it?\n\nCloudstack should support 2fa on saml account \n\n2fa is working fine on LDAP accounts","author":{"url":"https://github.com/kiranchavala","@type":"Person","name":"kiranchavala"},"datePublished":"2026-02-04T10:30:21.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":3},"url":"https://github.com/12583/cloudstack/issues/12583"}

route-pattern/_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format)
route-controllervoltron_issues_fragments
route-actionissue_layout
fetch-noncev2:89afa5ac-4c25-976d-79d5-79ffc0bdb68a
current-catalog-service-hash81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114
request-id990E:B160A:DC3909:128A04D:6A4D4EBC
html-safe-nonce74058d20566813f263de5bd8528cac841a0b505f77ee6fa79e912d5db76e169b
visitor-payloadeyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5OTBFOkIxNjBBOkRDMzkwOToxMjhBMDREOjZBNEQ0RUJDIiwidmlzaXRvcl9pZCI6IjgyMTc4MDMwMTkzNDY4NTc2NjAiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ==
visitor-hmac459d440be0f1599be81c647a634e46293cecfea923565d66f997ffbba06a384a
hovercard-subject-tagissue:3895815122
github-keyboard-shortcutsrepository,issues,copilot
google-site-verificationApib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
octolytics-urlhttps://collector.github.com/github/collect
analytics-location///voltron/issues_fragments/issue_layout
fb:app_id1401488693436528
apple-itunes-appapp-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/apache/cloudstack/12583/issue_layout
twitter:imagehttps://opengraph.githubassets.com/d67185c563a7bb31b06dcb654f7d7479dfab8fcd216f4ca00ffe1924be1a7b24/apache/cloudstack/issues/12583
twitter:cardsummary_large_image
og:imagehttps://opengraph.githubassets.com/d67185c563a7bb31b06dcb654f7d7479dfab8fcd216f4ca00ffe1924be1a7b24/apache/cloudstack/issues/12583
og:image:altproblem Unable to login to SAML account when 2fa is enabled versions ACS 4.20.x and 4.22 The steps to reproduce the bug As a admin create a SAML account Enable 2fa on the SAML account https://docs....
og:image:width1200
og:image:height600
og:site_nameGitHub
og:typeobject
og:author:usernamekiranchavala
hostnamegithub.com
expected-hostnamegithub.com
None92571a8944142227b7e19cd10918b1ddd06e5066c1ad5bc7e4769cf6140a87e6
turbo-cache-controlno-preview
go-importgithub.com/apache/cloudstack git https://github.com/apache/cloudstack.git
octolytics-dimension-user_id47359
octolytics-dimension-user_loginapache
octolytics-dimension-repository_id9759448
octolytics-dimension-repository_nwoapache/cloudstack
octolytics-dimension-repository_publictrue
octolytics-dimension-repository_is_forkfalse
octolytics-dimension-repository_network_root_id9759448
octolytics-dimension-repository_network_root_nwoapache/cloudstack
turbo-body-classeslogged-out env-production page-responsive
disable-turbofalse
browser-stats-urlhttps://api.github.com/_private/browser/stats
browser-errors-urlhttps://api.github.com/_private/browser/errors
release56fc8347865a14e2ec811533d68f929cf4e0ec19
ui-targetfull
theme-color#1e2327
color-schemelight dark

Links:

Skip to contenthttps://github.com/apache/cloudstack/issues/12583#start-of-content
https://github.com/
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F12583
GitHub CopilotWrite better code with AIhttps://github.com/features/copilot
GitHub Copilot appDirect agents from issue to mergehttps://github.com/features/ai/github-app
MCP RegistryNewIntegrate external toolshttps://github.com/mcp
ActionsAutomate any workflowhttps://github.com/features/actions
CodespacesInstant dev environmentshttps://github.com/features/codespaces
IssuesPlan and track workhttps://github.com/features/issues
Code ReviewManage code changeshttps://github.com/features/code-review
GitHub Advanced SecurityFind and fix vulnerabilitieshttps://github.com/security/advanced-security
Code securitySecure your code as you buildhttps://github.com/security/advanced-security/code-security
Secret protectionStop leaks before they starthttps://github.com/security/advanced-security/secret-protection
Why GitHubhttps://github.com/why-github
Documentationhttps://docs.github.com
Bloghttps://github.blog
Changeloghttps://github.blog/changelog
Marketplacehttps://github.com/marketplace
View all featureshttps://github.com/features
Enterpriseshttps://github.com/enterprise
Small and medium teamshttps://github.com/team
Startupshttps://github.com/enterprise/startups
Nonprofitshttps://github.com/solutions/industry/nonprofits
App Modernizationhttps://github.com/solutions/use-case/app-modernization
DevSecOpshttps://github.com/solutions/use-case/devsecops
DevOpshttps://github.com/solutions/use-case/devops
CI/CDhttps://github.com/solutions/use-case/ci-cd
View all use caseshttps://github.com/solutions/use-case
Healthcarehttps://github.com/solutions/industry/healthcare
Financial serviceshttps://github.com/solutions/industry/financial-services
Manufacturinghttps://github.com/solutions/industry/manufacturing
Governmenthttps://github.com/solutions/industry/government
View all industrieshttps://github.com/solutions/industry
View all solutionshttps://github.com/solutions
AIhttps://github.com/resources/articles?topic=ai
Software Developmenthttps://github.com/resources/articles?topic=software-development
DevOpshttps://github.com/resources/articles?topic=devops
Securityhttps://github.com/resources/articles?topic=security
View all topicshttps://github.com/resources/articles
Customer storieshttps://github.com/customer-stories
Events & webinarshttps://github.com/resources/events
Ebooks & reportshttps://github.com/resources/whitepapers
Business insightshttps://github.com/solutions/executive-insights
GitHub Skillshttps://skills.github.com
Documentationhttps://docs.github.com
Customer supporthttps://support.github.com
Community forumhttps://github.com/orgs/community/discussions
Trust centerhttps://github.com/trust-center
Partnershttps://github.com/partners
View all resourceshttps://github.com/resources
GitHub SponsorsFund open source developershttps://github.com/sponsors
Security Labhttps://securitylab.github.com
Maintainer Communityhttps://maintainers.github.com
Acceleratorhttps://github.com/accelerator
GitHub Starshttps://stars.github.com
Archive Programhttps://archiveprogram.github.com
Topicshttps://github.com/topics
Trendinghttps://github.com/trending
Collectionshttps://github.com/collections
Enterprise platformAI-powered developer platformhttps://github.com/enterprise
GitHub Advanced SecurityEnterprise-grade security featureshttps://github.com/security/advanced-security
Copilot for BusinessEnterprise-grade AI featureshttps://github.com/features/copilot/copilot-business
Premium SupportEnterprise-grade 24/7 supporthttps://github.com/premium-support
Pricinghttps://github.com/pricing
Search syntax tipshttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
documentationhttps://docs.github.com/search-github/github-code-search/understanding-github-code-search-syntax
Sign in https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fapache%2Fcloudstack%2Fissues%2F12583
Sign up https://github.com/signup?ref_cta=Sign+up&ref_loc=header+logged+out&ref_page=%2F%3Cuser-name%3E%2F%3Crepo-name%3E%2Fvoltron%2Fissues_fragments%2Fissue_layout&source=header-repo&source_repo=apache%2Fcloudstack
Reloadhttps://github.com/apache/cloudstack/issues/12583
Reloadhttps://github.com/apache/cloudstack/issues/12583
Reloadhttps://github.com/apache/cloudstack/issues/12583
Please reload this pagehttps://github.com/apache/cloudstack/issues/12583
apache https://github.com/apache
cloudstackhttps://github.com/apache/cloudstack
Notifications https://github.com/login?return_to=%2Fapache%2Fcloudstack
Fork 1.3k https://github.com/login?return_to=%2Fapache%2Fcloudstack
Star 3k https://github.com/login?return_to=%2Fapache%2Fcloudstack
Code https://github.com/apache/cloudstack
Issues 535 https://github.com/apache/cloudstack/issues
Pull requests 268 https://github.com/apache/cloudstack/pulls
Discussions https://github.com/apache/cloudstack/discussions
Actions https://github.com/apache/cloudstack/actions
Projects https://github.com/apache/cloudstack/projects
Wiki https://github.com/apache/cloudstack/wiki
Security and quality 0 https://github.com/apache/cloudstack/security
Insights https://github.com/apache/cloudstack/pulse
Code https://github.com/apache/cloudstack
Issues https://github.com/apache/cloudstack/issues
Pull requests https://github.com/apache/cloudstack/pulls
Discussions https://github.com/apache/cloudstack/discussions
Actions https://github.com/apache/cloudstack/actions
Projects https://github.com/apache/cloudstack/projects
Wiki https://github.com/apache/cloudstack/wiki
Security and quality https://github.com/apache/cloudstack/security
Insights https://github.com/apache/cloudstack/pulse
Bughttps://github.com/apache/cloudstack/issues?q=type:"Bug"
Unable to login to SAML account when 2fa is enabledhttps://github.com/apache/cloudstack/issues/12583#top
component:samlhttps://github.com/apache/cloudstack/issues?q=state%3Aopen%20label%3A%22component%3Asaml%22
no-issue-activityhttps://github.com/apache/cloudstack/issues?q=state%3Aopen%20label%3A%22no-issue-activity%22
4.20.4https://github.com/apache/cloudstack/milestone/45
https://github.com/kiranchavala
kiranchavalahttps://github.com/kiranchavala
on Feb 4, 2026https://github.com/apache/cloudstack/issues/12583#issue-3895815122
https://docs.cloudstack.apache.org/en/4.22.0.0/adminguide/accounts.html#using-two-factor-authentication-for-usershttps://docs.cloudstack.apache.org/en/4.22.0.0/adminguide/accounts.html#using-two-factor-authentication-for-users
component:samlhttps://github.com/apache/cloudstack/issues?q=state%3Aopen%20label%3A%22component%3Asaml%22
no-issue-activityhttps://github.com/apache/cloudstack/issues?q=state%3Aopen%20label%3A%22no-issue-activity%22
Bughttps://github.com/apache/cloudstack/issues?q=type:"Bug"
Apache CloudStack BugFest - Issueshttps://github.com/orgs/apache/projects/362
4.20.4No due datehttps://github.com/apache/cloudstack/milestone/45
https://github.com
Termshttps://docs.github.com/site-policy/github-terms/github-terms-of-service
Privacyhttps://docs.github.com/site-policy/privacy-policies/github-privacy-statement
Securityhttps://github.com/security
Statushttps://www.githubstatus.com/
Communityhttps://github.community/
Docshttps://docs.github.com/
Contacthttps://support.github.com?tags=dotcom-footer

Viewport: width=device-width


URLs of crawlers that visited me.