Transparent SSO not working for SP initiated realms

    Applies to:
  • Legacy SecureAuth IdP
    Deployment model:
  • On Premises
    SecureAuth IdP Version Affected: 9.0.x, 9.1, 9.2

    Description: A user successfully authenticates to the Secure Portal realm, but after clicking a tile for an SP-initiated app, the redirect works and the user is then asked to enter username, password, and 2FA again.


    Cause: The Transparent SSO settings from the Secure Portal realm expect the user to go straight to the Authorized folder. When an SP-initiated realm is used, the user is redirected to the SecureAuth.aspx page instead, which does not let the user in.

    The same issue occurs when Transparent SSO is wanted between realms without using the Secure Portal.


    Resolution:
    1. Navigate to the PostAuth tab of the Portal Realm
    2. Scroll down and select the 'View and Configure FormsAuth keys/SSO Token' link.
    3. In the Forms Authentication section, set the Name (e.g. SSOToken) and copy the same name to the Post-Auth Cookie field in the Authentication Cookie section below.
    4. Under the Machine Key section, click "Generate New Keys", ensure that a Validation key and a Decryption key appear, and click Save.
    5. Uncheck the check box next to the Secure Portal realm, and check the realm you'd like to include in the Transparent SSO setup. Click Save.
    6. In the application realm, go to the Workflow tab and locate the Custom Identity Consumer section.
    7. Change the drop-down for Receive Token to "Token".
    8. Change the drop-down for Allow Transparent SSO to "True".
    9. Click Save and test.
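
A way to check the result of steps 3 to 5 from the files rather than the console. This is an added example, not SecureAuth code. It assumes each realm is an ASP.NET application whose web.config carries the standard `<forms name>` and `<machineKey>` elements; the sample configs and key values are constructed placeholders. Keys are compared as SHA-256 digests so they never appear in output.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample web.config fragments (placeholder key values, not real keys).
PORTAL = """<configuration><system.web>
  <authentication mode="Forms"><forms name="SSOToken" /></authentication>
  <machineKey validationKey="AAAA1111" decryptionKey="BBBB2222" />
</system.web></configuration>"""
APP_OK = PORTAL
APP_STALE = """<configuration><system.web>
  <authentication mode="Forms"><forms name=".ASPXFORMSAUTH" /></authentication>
  <machineKey validationKey="AutoGenerate,IsolateApps" decryptionKey="CCCC3333" />
</system.web></configuration>"""

def sso_settings(config_xml):
    """Extract the values both realms must share; keys are returned only as digests."""
    web = ET.fromstring(config_xml).find("system.web")
    forms = web.find("authentication/forms") if web is not None else None
    mk = web.find("machineKey") if web is not None else None
    out = {"forms_name": forms.get("name") if forms is not None else None}
    for attr in ("validationKey", "decryptionKey"):
        value = mk.get(attr) if mk is not None else None
        # Absent or AutoGenerate keys are per-application, so a token cannot cross realms.
        if not value or value.startswith("AutoGenerate"):
            out[attr] = None
        else:
            out[attr] = hashlib.sha256(value.encode()).hexdigest()
    return out

def sso_mismatches(portal_xml, app_xml):
    """Return the names of settings that differ or are unusable for shared tokens."""
    portal, app = sso_settings(portal_xml), sso_settings(app_xml)
    return [k for k in portal if portal[k] is None or portal[k] != app[k]]

if __name__ == "__main__":
    print("matching realm :", sso_mismatches(PORTAL, APP_OK))
    print("stale realm    :", sso_mismatches(PORTAL, APP_STALE))
```

An empty list means the application realm can validate and decrypt the token issued by the portal realm; any listed setting points back to step 3, 4 or 5.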

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
