  1. OpenAM
  2. OPENAM-8151

SAML SSO for subrealm does not correctly login user as it ignores the org param when XUI enabled

    Details

    • Sprint:
      AM Sustaining Sprint 19, AM Sustaining Sprint 20, AM Sustaining Sprint 21, AM Sustaining Sprint 25, AM Sustaining Sprint 26

      Description

      Steps to recreate.

      1) Set up a default IDP and SP for SAML.

      2) Have a user in the subrealm that is not also in the top realm.

      3) When configuring the SP, create it under a subrealm.

      4) Add the Federation module to the subrealm in SP - it must be named Federation.

      5) Initiate an spSSOInit.

      User can authenticate with the IDP, but when redirected back to the SP, it cannot find the user since it is looking in the top realm. If the org param is added manually to the URL in the browser at this point, they can log in.

      If user is in both the top realm and the subrealm, they will also be able to log in without issue.

      Tested by disabling the XUI, and the user was able to log in, as the correct org param was referenced.

       

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              tina.roper Tina Roper
              QA Assignee:
              Nemanja Lukic
            • Votes:
              0
              Watchers:
              7


                Time Tracking

                Estimated:
                3h
                Remaining:
                0h
                Logged:
                10h