10/27/2023 01:03 AM - last edited on 11/02/2023 10:41 AM by Dave
We are also facing the same issue as this post.
We have configured SAML SSO using Azure AD, and have set the same value for session timeout on the IdP and SP.
Upon max session, the user is redirected to the account selection page. Once the user selects the account, they are redirected to the OOPS error page (Unable to find username/password).
The user would have to log out of the account manually and sign in again to be able to log in to Saviynt.
We have tried looking up on the forum and documentation but to no avail.
Appreciate if you could help, thank you.
10/30/2023 12:17 AM
11/08/2023 06:48 PM
Just an update as I see someone else having the same issue.
We opened a ticket with Saviynt and they asked us to update the following value from "3" to "0". Once we updated to "0", it seems to work normally.
grails.plugin.springsecurity.saml.authInstCheck=0
// Possible values 0- No Validation Check , 1- check MaxAuthenticationAge only , 2- check OnOrAfter only , 3- Check All
I'm not sure what the implications of setting "No Validation Check" are, as I couldn't find any documentation on that.
Although setting the above value did fix the SSO issue, when the user hits session timeout, it will redirect to the "Oops" page again, indicating that username / password not found.
Once you click on "Please click here" and select the account to login, the user will be redirected to the dashboard.
Saviynt confirmed that that is the expected behavior upon session timeout, which is bizarre as the error shown on the error page (username/password not found) does not match the actual error (session timeout). We have raised a ticket on that and it's pending Saviynt's support.
11/08/2023 07:38 PM
Specify the validation option to validate a SAML response after the user succeeds in the authentication process.
0: No validation check
1: Check MaxAuthenticationAge only.
2: Check OnorAfter only
3: Check All
The recommended value is 3.
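As an added illustration (not part of any post in this thread and not Saviynt's code), the sketch below models what the four values listed above would gate, assuming MaxAuthenticationAge is compared against the assertion's AuthnInstant and OnOrAfter refers to SessionNotOnOrAfter on the SAML AuthnStatement. The function name, the 2-hour maximum age, the clock skew and the sample assertion are all constructed for the example.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the user authenticated at the IdP at 00:00 UTC and the
# IdP says the session must end by 08:00 UTC. Signature checks are out of scope.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AuthnStatement AuthnInstant="2023-10-27T00:00:00Z"
                       SessionNotOnOrAfter="2023-10-27T08:00:00Z"/>
</saml:Assertion>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp such as 2023-10-27T00:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_authn_statement(assertion_xml, mode, now,
                          max_auth_age=timedelta(hours=2),   # assumed value
                          skew=timedelta(seconds=60)):       # assumed value
    """Return the list of failed checks for a mode 0-3; empty means accepted."""
    stmt = ET.fromstring(assertion_xml).find("saml:AuthnStatement", NS)
    if stmt is None:
        return ["missing AuthnStatement"]
    failures = []
    # Modes 1 and 3: reject logins the IdP performed too long ago. An IdP that
    # reuses an existing session reports the AuthnInstant of the original login.
    if mode in (1, 3):
        if now - parse_ts(stmt.get("AuthnInstant")) > max_auth_age + skew:
            failures.append("AuthnInstant older than max authentication age")
    # Modes 2 and 3: reject assertions whose IdP session has already ended.
    if mode in (2, 3):
        limit = stmt.get("SessionNotOnOrAfter")
        if limit and now >= parse_ts(limit) + skew:
            failures.append("SessionNotOnOrAfter has passed")
    # Mode 0 runs neither check, so a stale assertion is accepted as-is.
    return failures


if __name__ == "__main__":
    for hour in (3, 9):
        now = datetime(2023, 10, 27, hour, 0, tzinfo=timezone.utc)
        for mode in range(4):
            result = check_authn_statement(SAMPLE_ASSERTION, mode, now)
            print(f"{hour:02d}:00 mode={mode}: {result or 'accepted'}")
```

With these constructed values, mode 0 accepts the assertion at 09:00 even though both timestamps say it is stale, which is the trade-off of disabling the check.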
11/08/2023 10:07 PM
Thanks @rushikeshvartak, initially we had the value configured as "3" but it would cause the issue described in the main post. We only got it working by setting the value as "0".
Is this a bug?