In general, the error ‘LDAP role extractor for tokens not configured properly’ usually occurs when an invalid value is used in the Assertion Role field so the roles cannot be extracted from the assertion. In order to resolve this, I would do the following steps:
* Login to the Solution Manager as the admin user.
* Navigate to Configuration> Authentication > Single Sign-On
* Enable the option Extract roles from SAML assertion
* Ensure that the Assertion role field is correct based on the information from IDP.
* Also, ensure that the necessary roles are created in the Solution Manager and appropriate privileges are assigned.
* Click Save.
* Logout and login via Single Sign On.
For more information, you could refer to the Knowledge Base Article [How To Configure Azure AD for SSO in the Denodo Solution Manager](https://community.denodo.com/kb/en/view/document/How%20To%20Configure%20Azure%20AD%20for%20SSO%20in%20the%20Denodo%20Solution%20Manager).
Hope this helps.!