Description

The multiple provider single sign-on (Multi-SSO) feature allows organizations to use several SSO identity providers (IdPs) to manage authentication while retaining local database (basic) authentication.

Installation exits are customizations that exit from Java to call a script before returning to Java. They are usually related to login, logout, password validation and external authentication. The installation exits are located under System Definition > Installation Exits. Some installation exits can be overridden with a custom script that replaces the one in the default installation exit.

Each SSO plugin comes with its own installation exits.

When the Multi-SSO plugin is installed, it comes with its own installation exits. The previous SAML installation exits are no longer required, and the system makes them inactive.

Release or Environment

Helsinki and later

Cause

After enabling Multi-SSO, some SSO validations may fail if the Multi-SSO installation scripts do not execute first.

In some exceptional cases, SAML* installation exits incorrectly remain active after the Multi-SSO plugin is installed, for example if SAML was already active when you activated Multiple Single Sign-On and you had already customized the SAML installation exits.

This can cause the logs to show the following errors:

WARNING *** WARNING *** Evaluator: org.mozilla.javascript.EcmaError: Cannot convert null to an object.
Caused by error in Script Include: 'SAML2_update1' at line 35

32: this.lastGeneratedRequestID = null;
33: this.inResponseTo = null;
34: this.logoutFailureEventId = "saml2.logout.validation.failed";
==> 35: this.certGR = this.getCertGR();
36:
37: // Keep SAMLAssertion object for validation
38: this.SAMLResponseObject = null;

Resolution

To resolve the problem, if Multi-SSO is installed correctly, verify that the SAML2* installation exits below have Active set to false and that the MultiSSO* installation exits have Active set to true:

Installation exit            Active
SAML2Logout                  false
SAML2Logout_update1          false
SAML2SingleSignon            false
SAML2SingleSignon_update1    false
MultiSSO                     true
MultiSSOLogin                true
MultiSSOLogout               true
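
One way to check an exported Installation Exits list against the values above, as an added example that is not part of the original article or the vendor's own code. The record shape (`name`, `active`), the function name `auditInstallationExits` and the sample data are assumptions constructed for illustration; the check also flags any other active exit whose name starts with SAML, which goes beyond the seven exits listed.

```javascript
// Expected Active values, taken from the Resolution list in this article.
var EXPECTED = {
  SAML2Logout: false,
  SAML2Logout_update1: false,
  SAML2SingleSignon: false,
  SAML2SingleSignon_update1: false,
  MultiSSO: true,
  MultiSSOLogin: true,
  MultiSSOLogout: true
};

// records: [{ name: String, active: Boolean }], one per installation exit (assumed shape).
// Returns a list of findings; an empty list means the state matches the article.
function auditInstallationExits(records) {
  var findings = [];
  var seen = {};
  records.forEach(function (rec) {
    var listed = Object.prototype.hasOwnProperty.call(EXPECTED, rec.name);
    if (listed) {
      seen[rec.name] = true;
      if (rec.active !== EXPECTED[rec.name]) {
        findings.push(rec.name + ': Active is ' + rec.active +
          ', expected ' + EXPECTED[rec.name]);
      }
    } else if (/^SAML/.test(rec.name) && rec.active) {
      // Not one of the seven listed, but the article says SAML* exits should be inactive.
      findings.push(rec.name + ': unlisted SAML* exit is still active, review it');
    }
  });
  Object.keys(EXPECTED).forEach(function (name) {
    if (!seen[name] && EXPECTED[name]) {
      findings.push(name + ': record not found, expected an active exit');
    }
  });
  return findings;
}

// Constructed sample: customized SAML exits left active after the Multi-SSO install.
var SAMPLE = [
  { name: 'SAML2Logout', active: false },
  { name: 'SAML2Logout_update1', active: true },
  { name: 'SAML2SingleSignon', active: false },
  { name: 'SAML2SingleSignon_update1', active: true },
  { name: 'MultiSSO', active: true },
  { name: 'MultiSSOLogin', active: true }
];

auditInstallationExits(SAMPLE).forEach(function (f) { console.log(f); });
```
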

 


Article Information

Last Updated: 2020-01-16 10:38:21
Published: 2020-01-09