From 472d56a8fee818b8d8e42235e36bedad201bc7c3 Mon Sep 17 00:00:00 2001 From: Ayesha Firdaus Date: Thu, 18 Jun 2026 17:49:41 +0530 Subject: [PATCH 1/2] disable-saml --- modules/user-access/pages/sso-with-saml.adoc | 21 ++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/modules/user-access/pages/sso-with-saml.adoc b/modules/user-access/pages/sso-with-saml.adoc index 01af1efe2..b5591fbee 100644 --- a/modules/user-access/pages/sso-with-saml.adoc +++ b/modules/user-access/pages/sso-with-saml.adoc @@ -369,6 +369,21 @@ used when returning a message. |=== +=== Bypass certificate validation + +You can set the `DISABLE_SAML_CERTIFICATE_CHECK` environment variable to bypass certificate validation for SAML-based SSO. +When this variable is enabled, GSQL will treat invalid certificates, including expired ones, as valid. + +Run the following commands to enable this setting: + +[source,console] +---- +$ gadmin config set GSQL.BasicConfig.Env "$(gadmin config get GSQL.BasicConfig.Env) DISABLE_SAML_CERTIFICATE_CHECK=true; " +$ gadmin config apply -y +$ gadmin restart gsql -y +---- + + == Create user groups with proxy rules to authorize single sign-on users In order to authorize single sign-on users, you need create user groups with proxy rules and grant roles on graphs for the user groups. @@ -539,3 +554,9 @@ Usually the text is self-descriptive. Follow the error message and try to fix TigerGraph or your identity provider's configuration. If the problem persists or if you encounter any errors that are not clear, please https://tigergraph.zendesk.com/hc/en-us/[open a support ticket]. + +=== SAML configuration could not be loaded + +If your SAML configuration fails to load, check your certificates, metadata, and required parameters in your SAML settings. +To bypass certificate validation errors, set `DISABLE_SAML_CERTIFICATE_CHECK=true` using the configuration commands in +xref:_Bypass_certificate_validation[Bypass certificate validation]. 
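Review bot: In the first hunk (@@ -369,6 +369,21 @@), the new "Bypass certificate validation" section gives the commands to enable the bypass with no caution and no way to turn it off again. The text itself says GSQL "will treat invalid certificates, including expired ones, as valid", so please add a WARNING admonition saying this is a temporary measure until the certificate is replaced, state what "invalid" covers besides expiry, and document the commands that remove `DISABLE_SAML_CERTIFICATE_CHECK=true` from `GSQL.BasicConfig.Env`. The `gadmin config set` line also appends to the current value, so running it a second time leaves a duplicate entry; a sentence telling the reader to inspect `gadmin config get GSQL.BasicConfig.Env` first would avoid that.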
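Review bot: In the second hunk (@@ -539,3 +554,9 @@), the troubleshooting entry "SAML configuration could not be loaded" tells the reader to check the certificates and then goes straight to the bypass as the answer to certificate validation errors. Suggest making renewal or replacement of the failing certificate the primary remedy and presenting `DISABLE_SAML_CERTIFICATE_CHECK=true` only as a temporary workaround. Please also verify the cross-reference in a build: auto-generated AsciiDoc section IDs are lowercased, so the mixed-case target in `xref:_Bypass_certificate_validation[Bypass certificate validation]` may not resolve, and an explicit ID on the section heading would make the link stable.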
From 7fdf508e2041808f3b38696f5246475d9ef9d251 Mon Sep 17 00:00:00 2001 From: AyeshaFirdausTG Date: Thu, 18 Jun 2026 23:18:22 +0530 Subject: [PATCH 2/2] Update sso-with-saml.adoc --- modules/user-access/pages/sso-with-saml.adoc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/user-access/pages/sso-with-saml.adoc b/modules/user-access/pages/sso-with-saml.adoc index b5591fbee..d25374570 100644 --- a/modules/user-access/pages/sso-with-saml.adoc +++ b/modules/user-access/pages/sso-with-saml.adoc @@ -371,7 +371,11 @@ used when returning a message. === Bypass certificate validation -You can set the `DISABLE_SAML_CERTIFICATE_CHECK` environment variable to bypass certificate validation for SAML-based SSO. +TigerGraph validates the X509 certificate of SAML-based SSO. If the +certificate is invalid or expired, GSQL will fail to load the SAML +configuration and SSO will not work. + +You can set the `DISABLE_SAML_CERTIFICATE_CHECK` environment variable to bypass certificate validation. When this variable is enabled, GSQL will treat invalid certificates, including expired ones, as valid. Run the following commands to enable this setting:
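Review bot: In the paragraph added by this hunk (@@ -371,7 +371,11 @@), "the X509 certificate of SAML-based SSO" does not say which certificate TigerGraph validates, so a reader whose SSO has stopped working cannot tell which one to renew. Please name the certificate, for instance by the setting it is configured under, and write "X.509". The wording is also inconsistent within the section: this paragraph says "invalid or expired", while the unchanged line below it treats expiry as one kind of invalid ("invalid certificates, including expired ones"); use one form in both places.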