Description
ISSUE TYPE
- Enhancement Request
COMPONENT NAME
SAML
CLOUDSTACK VERSION
All versions with SAML support
CONFIGURATION
Setup SAML with Azure AD
OS / ENVIRONMENT
SUMMARY
The authentication works, but if I open the UI in a browser which was already used by another application to authenticate against Azure AD, I get an error message:
https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-aadsts75011-auth-method-mismatch
As per the document above, we need to set the value for forceAuthn to true. The value is hardcoded as false as of now.
cloudstack/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java
Line 193 in 1d37ff2
    authnRequest.setForceAuthn(false);
Another error is that during login, the org name displayed in the UI is the same as the URL. The actual value should be the same as the value set for the saml2.org.name global setting.
EXPECTED RESULTS
Login should work
ACTUAL RESULTS
Login fails with an error
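To confirm what a service provider actually sends before and after a change to the hardcoded value reported above, the following added example (not CloudStack code, not part of the original issue) decodes the `SAMLRequest` parameter of an HTTP-Redirect binding URL and reports the `ForceAuthn` flag and any requested authentication context. The sample request, issuer `sp.example.test` and IdP URL `idp.example.test` are constructed for the demonstration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap inflated size so a bad capture cannot exhaust memory

def inspect_authn_request(redirect_url):
    """Decode SAMLRequest (HTTP-Redirect binding) and report what the SP asked for."""
    params = parse_qs(urlparse(redirect_url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # ForceAuthn is an optional xs:boolean; when absent it means false.
    force = root.get("ForceAuthn", "false").strip().lower() in ("true", "1")
    classes = [e.text.strip()
               for e in root.iter("{%s}AuthnContextClassRef" % SAML) if e.text]
    return {"issuer": root.findtext("{%s}Issuer" % SAML),
            "force_authn": force, "requested_classes": classes}

def sample_redirect_url(force_attr):
    """Constructed AuthnRequest for the demo; not captured from a real deployment."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2024-01-01T00:00:00Z"%s>'
           '<saml:Issuer>sp.example.test</saml:Issuer>'
           '<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
           'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
           '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
           '</samlp:AuthnRequest>' % (SAMLP, SAML, force_attr))
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    encoded = quote(base64.b64encode(deflated), safe="")
    return "https://idp.example.test/saml2?SAMLRequest=" + encoded

if __name__ == "__main__":
    for attr in (' ForceAuthn="false"', ' ForceAuthn="true"', ""):
        print(repr(attr), inspect_authn_request(sample_redirect_url(attr)))
```

Pass it the redirect URL copied from the browser's network tab during login; a `force_authn` of `False` matches the behaviour described in this issue.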