IIQ_8.2 Enabling SAML Based Single Sign-On (SSO) problem

Which IIQ version are you inquiring about?

identityiq-8.2

Please share any images or screenshots, if relevant.

Please share any other relevant files that may be required (for example, logs).

sailpoint.log (11.5 KB)

Share all details about your problem, including any error messages you may have received.

I am trying to enable SailPoint IIQ in the login configuration using SAML Based Single Sign-On (SSO), and after configuration, when I click to save it, it gives me the error (Specified attribute is not between the expected values of 1 and 1.)

@Asmaa_Alaa

As per the error, I see there is a lock file in a particular location. Try deleting that file and perform the operation again.

java.nio.file.AccessDeniedException: E:\tomcat\webapps\identityiq\WEB-INF\BundleManagedAttributeIndex\write.lock
	at sun.nio.fs.WindowsException.translateToIOException(WindowsException.java:89) ~[?:?]
	at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:103) ~[?:?]
	at sun.nio.fs.WindowsException.rethrowAsIOException(WindowsException.java:108) ~[?:?]
	at sun.nio.fs.WindowsFileSystemProvider.newFileChannel(WindowsFileSystemProvider.java:120) ~[?:?]
	at java.nio.channels.FileChannel.open(FileChannel.java:292) ~[?:?]
	at java.nio.channels.FileChannel.open(FileChannel.java:345) ~[?:?]

Location: E:\tomcat\webapps\identityiq\WEB-INF\BundleManagedAttributeIndex\write.lock

Delete this write.lock file and try.

@msingh900

This file is created automatically by the system; although I remove it, it is created again.

Does the user through which you are running the Tomcat service have the necessary permissions on the E folder, like read or write?

Check that; otherwise, try to start the service as an admin user.

@msingh900
Yes, I use the admin account.
I reloaded the recent log file of SailPoint now.

Refer to the article below. There, too, they provided the same solution as I did, and the problem is also similar to yours.

Please check the above post and try that. Hope it solves the problem.

Thanks

OK, I will check it, thank you.

Sure, let me know if the problem still exists after following the previous post.

Thanks

Although I made sure of the user permissions (it has full control), I still have the same error while trying to save the SAML SSO configuration (Specified attribute is not between the expected values of 1 and 1.),
and this is the content of the SailPoint log file:


2025-11-02T17:29:33,672 DEBUG http-nio-8080-exec-4 sailpoint.service.PageAuthenticationService:479 - store.id:49F06DC5A460A95DC81E9365F8C5E9C2
2025-11-02T17:29:51,074 DEBUG http-nio-8080-exec-7 sailpoint.service.PageAuthenticationService:479 - store.id:49F06DC5A460A95DC81E9365F8C5E9C2
2025-11-02T17:31:02,955 DEBUG http-nio-8080-exec-6 sailpoint.service.PageAuthenticationService:479 - store.id:49F06DC5A460A95DC81E9365F8C5E9C2
2025-11-02T17:31:05,129 DEBUG http-nio-8080-exec-1 sailpoint.service.PageAuthenticationService:479 - store.id:49F06DC5A460A95DC81E9365F8C5E9C2
2025-11-02T17:31:22,997 DEBUG http-nio-8080-exec-8 sailpoint.service.PageAuthenticationService:479 - store.id:49F06DC5A460A95DC81E9365F8C5E9C2

Can you please share the rule that you are using? Did you verify that the rule logic is fine?

I disabled the Rule Based Single Sign-On (SSO) and enabled SAML Based Single Sign-On (SSO),
and this is the SAML Correlation Rule:

// Imports
import sailpoint.object.Identity;

// Making a BIG assumption here that the nameid-format is unspecified/persistent

// Get the nameId from the assertionAttributes
String nameId = (String) assertionAttributes.get("nameId");

// Start with no match so the rule returns null when nameId is absent
Identity ident = null;

if (nameId != null) {
    // Lookup the identity based on nameId
    ident = context.getObject(Identity.class, nameId);
}

return ident;

@msingh900

I need to make sure of one thing: is there additional information that needs to be added in the other login configuration tabs while enabling the SSO configuration using SAML Based Single Sign-On (SSO)?

I solved the problem. The reason was that there were some missing tables in the identityiq database that caused the issue, so I ran the script for creating the tables again to complete the missing tables, and then the problem was solved in the SailPoint GUI.
