Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML: Not able to login if the user is already logged in on another application in the browser #9701

Open
vishesh92 opened this issue Sep 18, 2024 · 0 comments
Open

SAML: Not able to login if the user is already logged in on another application in the browser #9701

vishesh92 opened this issue Sep 18, 2024 · 0 comments

Comments

@vishesh92
Copy link
Member

vishesh92 commented Sep 18, 2024
edited
Loading

ISSUE TYPE
  • Enhancement Request
COMPONENT NAME
SAML
CLOUDSTACK VERSION
All versions with SAML support
CONFIGURATION

Setup SAML with Azure AD

OS / ENVIRONMENT
SUMMARY

The authentication works but if I open the UI on a Browser which was already used by another application to authenticate against Azure AD I get an error message
https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-aadsts75011-auth-method-mismatch

As per the document above, we need to set the value for forceAuthn to true. The value is hardcoded as false as of now.

cloudstack/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java

Line 193 in 1d37ff2

authnRequest.setForceAuthn(false);

Another error is that during login, org name being displayed in the UI is same as the URL. The actual value should be same as the value set for saml2.org.name global setting.

EXPECTED RESULTS
Login should work
ACTUAL RESULTS
Login fails with an error
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vishesh92