User gets logged out immediately after logging in

The multiple provider single sign-on feature allows organizations to use several SSO identity providers (IdPs) to manage authentication as well as retain local database (basic) authentication.

Installation exits are customizations that exit from Java to call a script before returning to Java. They are usually related to login, logout, validate password and external authentication. The installation exits are located on System Definition > Installation Exits. Some installation exits can be overridden with a custom script that replaces the one in the default installation exit.

Each SSO plugin comes with its installation exits.

When the  Multi-SSO plugin is installed it comes with its installation exits, the previous SAML installation exits are no longer required and the system will make them inactive.

Helsinki and later

After enabling Multi-SSO, some SSO validations may fail if the Multi-SSO installation scripts do not execute first.

There are some exceptional cases where some SAML* installation exits remain active (incorrectly) after the Multi-SSO plugin is installed.

e.g. If SAML is already active at the time you activated Multiple Single Sign-On and if you already customized the SAML installation exits.

This could cause the logs will show the following errors:

WARNING *** WARNING *** Evaluator: org.mozilla.javascript.EcmaError: Cannot convert null to an object.

Caused by error in Script Include: 'SAML2_update1' at line 35

32: this.lastGeneratedRequestID = null;

33: this.inResponseTo = null;

34: this.logoutFailureEventId = "saml2.logout.validation.failed";

==> 35: this.certGR = this.getCertGR();

36:

37: // Keep SAMLAssertion object for validation

38: this.SAMLResponseObject = null;

To resolve the problem, if Multi-SSO is installed correctly, validate the following installation exits have Active set to False:

Here is the result: