
Andrew Wood
Articles
-
SecureAuth API allowed Clock Skew
Version Affected: All Description: The SecureAuth API has a default maximum clock skew of 60 seconds. We generally recommend leaving this default in place and using NTP to ensure that there is ...
-
OIDC with Internal and DMZ combination fails for internal users
Version Affected: 19.x onwards Description: With Authorization Code flow, when an External OIDC app receives a code from SecureAuth, it reaches back out to the SecureAuth box to exchange that co...
-
IWA not working on Chrome and Chromium Edge
Version Affected: All Description: Despite WindowsSSO/IWA being enabled, Chrome and Edge are prompting for credentials or throwing a 401 error Cause: This can be caused by the Browser settin...
-
How to: KnowBe4 Saml Integration
Version Affected: All Description: This is a quick guide of how to perform a SAML integration with KnowBe4 Resolution: Log in to your KnowBe4 account Click your email address on the top-r...
-
Oauth / OpenID Flows: Implicit
Version Affected: IdP - All versions Description: The Implicit flow allows an application to request an Access Token directly from the Authorization endpoint so can be fully handled via the Users ...
-
Generate SAML logs on the IdP
SecureAuth IdP Version Affected: All Description: How to turn on SAML tracing for the realm. Cause: Sometimes it is not practical to use a client side SAML tracer such as the SAML tracer plugin f...
-
RADIUS 20.12.07 not working after upgrade
Version Affected: RADIUS 20.12.07 Description: After upgrading to 20.12.07, Radius logins fail. The SaRadiusServer log contains the error "Unable to find valid certification path to requested t...
-
SP init by Post failing with generic "Error has been logged"
Version Affected: All Description: Attempting to use SP init by Post. The SAMLRequest (AuthN request) is getting Posted. However, users see the generic "Error has been logged" Error log shows M...
-
Reviewing Post Data on a Submit Forms Post realm
Version Affected: All Description: The Admin console does not make it easy to review the Post Data on a Forms Post realms as the gui only has a limited amount of room and if your value exceeds t...
-
OpenID error: Blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
SecureAuth Idp Version affected: AllDescription: When trying to set up an OIDC based Service Provider, the follow error is seen Access to XMLHttpRequest at 'https://sauth.example.com/SecureAuth4/Se...