Issue
After cloning from an instance, users or administrators may be prevented from logging in, with the error: 'Username or password not valid'.
Cause
After an upgrade, the latest MultiSSOv2 plugin is enabled, but the correct installation exits are not activated. Test connection may work, but when accessing the instance via a browser, users are redirected to SSOCircle.
Resolution
The system property glide.authenticate.external should be set to false:
/sys_properties_list.do?sysparm_query=name%3Dglide.authenticate.external&sysparm_view=
The Installation Exits with name SAML should be set to false:
/sys_installation_exit_list.do?sysparm_query=nameSTARTSWITHSAML&sysparm_view=
UseCase 1:
1. glide.authenticate.multissov2_feature.enabled=true
2. In the Identity Provider record, go to the Advanced tab -> Single Sign On Script: MultiSSOv2_SAML2_custom
3. The below installation exits and script includes are set to true:
| Plugin | Type | MultiSSOv2 |
| --- | --- | --- |
| MultiSSOv2 | Script Include | MultiSSOv2_SAML2_custom |
| | Installation Exit | MultiSSOv2 |
| | | MutliSSOLogin |
| | | MultiSSOLogoutv2 |
UseCase 2:
1. glide.authenticate.multissov2_feature.enabled=false or this property is not defined in the sys_properties.list table
2. In the Identity Provider record, go to the Advanced tab -> Single Sign On Script: MultiSSO_SAML2_Update1
3. The below installation exits and script includes are set to true:
| Plugin | Type | MultiSSOv2 |
| --- | --- | --- |
| MultiSSOv1 | Script Include | MultiSSO_SAML2_Update1 |
| | Installation Exit | MultiSSO |
| | | MutliSSOLogin |
| | | MultiSSOLogout |
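The checks from the Resolution and the two use cases can be expressed as one consistency check over an exported configuration snapshot. This is an added example, not ServiceNow code: the snapshot shape, the function name `checkSsoAfterClone` and the sample exit name `SAML2` are assumptions, and the expected names are copied as this article spells them.

```javascript
// Added example. Expected state per use case, transcribed from the article
// (names spelled exactly as the article spells them).
const EXPECTED = {
  v2: { ssoScript: 'MultiSSOv2_SAML2_custom',
        exits: ['MultiSSOv2', 'MutliSSOLogin', 'MultiSSOLogoutv2'] },
  v1: { ssoScript: 'MultiSSO_SAML2_Update1',
        exits: ['MultiSSO', 'MutliSSOLogin', 'MultiSSOLogout'] },
};

// snapshot (hypothetical shape): { properties: {name: value},
//   ssoScript: string, installationExits: {name: activeBoolean} }
function checkSsoAfterClone(snapshot) {
  const findings = [];
  const props = snapshot.properties || {};
  const exits = snapshot.installationExits || {};

  // An undefined multissov2 property is treated like false (UseCase 2).
  const flag = props['glide.authenticate.multissov2_feature.enabled'];
  const useCase = flag === 'true' ? 'v2' : 'v1';
  const want = EXPECTED[useCase];

  if (props['glide.authenticate.external'] !== 'false') {
    findings.push('glide.authenticate.external is not false');
  }
  for (const [name, active] of Object.entries(exits)) {
    if (name.startsWith('SAML') && active) {
      findings.push(`installation exit ${name} is active`);
    }
  }
  if (snapshot.ssoScript !== want.ssoScript) {
    findings.push(`SSO script is ${snapshot.ssoScript}, expected ${want.ssoScript}`);
  }
  for (const name of want.exits) {
    if (exits[name] !== true) findings.push(`installation exit ${name} is not active`);
  }
  return { useCase, findings };
}

// Constructed sample: v2 flag is on, but the v1 script and exits are still wired up.
const sample = {
  properties: { 'glide.authenticate.external': 'true',
                'glide.authenticate.multissov2_feature.enabled': 'true' },
  ssoScript: 'MultiSSO_SAML2_Update1',
  installationExits: { SAML2: true, MultiSSO: true, MutliSSOLogin: true, MultiSSOLogout: true },
};
console.log(checkSsoAfterClone(sample));
```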
Resetting the MFA on a clone
Use the procedure shown in this video to reset the MFA on the cloned instance.
Related Links
Customization support in MultiSSOv2
How to delete an orphaned Identity Provider record from an instance showing SSO access denied