I'm trying to setup fleetdm login with SAML (SSO), SSO auth passed (as per saml trace) but fleetdm UI still not allowing me to get in. any thoughts ?

Can you open up your network inspector and look at the SAML response in the request to

/api/v1/fleet/callback

? It should be a big base64 encoded string. You can paste that into a saml decoder and look at the

NameID

returned. Is that an email that matches an email for a user in Fleet with SSO enabled?

<NameID Format="urn😮asis:names🇹🇨SAML:1.1:nameid-format:emailAddress">myname@xy.com</NameID>

User account in Fleet has SSO enabled?

Yes USer has enabled SSO

Do you get anything the fleet stderr when that response comes back? Should see a log similar to this:

{"component":"http","level":"info","method":"POST","took":"7.6686ms","ts":"2022-02-03T01:21:54.3815045Z","uri":"/api/v1/fleet/sso/callback","user":"unauthenticated"}