Re: Redirect Login "Saviynt Logout URL" not working on SSO session expire

println-titan
New Contributor III

We are also facing the same issue as this post

We have configured SAML SSO using Azure AD, and have set the same value for session timeout on the IdP and SP.

Upon max session, user is redirected to account selection page. Once user selects the account, they are redirected to OOPS error page (Unable to find username/password).

User would have to log out of the account manually and sign in again to be able to log in to Saviynt.
We have tried looking up on the forum and documentation but to no avail.

Appreciate if you could help, thank you

4 REPLIES

Dhruv_S
Saviynt Employee

Hi @println-titan 

We are looking into it and will keep you posted.

Regards,

Dhruv Sharma

Just an update as I see someone else having the same issue.
We opened a ticket with Saviynt and they asked us to update the following value from "3" to "0". Once we updated to "0", it seems to work normally.

grails.plugin.springsecurity.saml.authInstCheck=0
// Possible values 0- No Validation Check , 1- check MaxAuthenticationAge only , 2- check OnOrAfter only , 3- Check All

I'm not sure what the implications of setting "No Validation Check" are, as I couldn't find any documentation on that.

Although setting the above value did fix the SSO issue, when the user hits session timeout, it will redirect to the "Oops" page again, indicating that username / password not found.
Once you click on "Please click here" and select the account to login, user will be redirected to dashboard.

Saviynt confirmed that that is the expected behavior upon session timeout, which is bizarre as the error shown on the error page (username/password not found) does not match the actual error (session timeout). We have raised a ticket on that and it's pending Saviynt's support.

Specify the validation option to validate a SAML response after the user succeeds in the authentication process.

  • 0: No validation check

  • 1: Check MaxAuthenticationAge only.

  • 2: Check OnOrAfter only

  • 3: Check All

The recommended value is 3.


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.
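
To show what the four values listed above would gate, here is an added example (not Saviynt's code and not from any poster in this thread). It assumes, from the option names alone, that MaxAuthenticationAge compares the assertion's AuthnInstant with a maximum age and that OnOrAfter refers to SessionNotOnOrAfter; the two-hour limit, the function names and the sample assertion are constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP reuses a browser session that authenticated at 08:00.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2024-01-01T08:00:00Z"
                       SessionNotOnOrAfter="2024-01-01T16:00:00Z"/>
</saml:Assertion>"""

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values, e.g. 2024-01-01T08:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_authn_statement(assertion_xml, now, mode, max_age=timedelta(hours=2)):
    """Return the failed checks for validation modes 0-3 as listed in the thread."""
    # Signature and audience validation are out of scope here; a real SP does
    # those first and parses with a hardened XML parser.
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None:
        return ["missing AuthnStatement"]
    failures = []
    if mode in (1, 3):  # assumed meaning of "MaxAuthenticationAge"
        instant = stmt.get("AuthnInstant")
        if instant is None:
            failures.append("AuthnInstant missing")
        elif now - parse_ts(instant) > max_age:
            failures.append(f"AuthnInstant {instant} is older than {max_age}")
    if mode in (2, 3):  # assumed meaning of "OnOrAfter"
        expiry = stmt.get("SessionNotOnOrAfter")  # optional attribute
        if expiry is not None and now >= parse_ts(expiry):
            failures.append(f"SessionNotOnOrAfter {expiry} has passed")
    return failures

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 17, 0, tzinfo=timezone.utc)
    for mode in range(4):
        print(mode, validate_authn_statement(SAMPLE_ASSERTION, now, mode))
```

Under these assumptions, value 0 skips both conditions, so an assertion built on an IdP session of any age passes this stage.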

Thanks @rushikeshvartak, initially we had the value configured as "3" but it would cause the issue described in the main post. We only got it working by setting the value as "0".
Is this a bug?