User Tools

Site Tools


sso_authentication

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
sso_authentication [2019/08/23 15:49]
lucy
sso_authentication [2020/06/03 13:41] (current)
lucy
Line 21: Line 21:
   * ADFS 5.0 (Windows Server 2019)   * ADFS 5.0 (Windows Server 2019)
   * Azure AD (refer to [[sso_azure|this guide]] to have a detailed instructions)   * Azure AD (refer to [[sso_azure|this guide]] to have a detailed instructions)
 +  * Okta (refer to [[sso_okta|this guide]] for more details)
  
 The connection to the AD FS can be configured within the Settings / SSO Configuration: ​ The connection to the AD FS can be configured within the Settings / SSO Configuration: ​
Line 180: Line 181:
  
 **Solution**:​ The time difference between AD FS and Lucy servers can cause an authentication problem. Make sure that the time zone setting is correct on the Advanced Settings page in Lucy. **Solution**:​ The time difference between AD FS and Lucy servers can cause an authentication problem. Make sure that the time zone setting is correct on the Advanced Settings page in Lucy.
 +
 +**Issue**: (AD FS) Login with a single sign-on sometimes does not work (it redirects to the Lucy's login page after successful login at AD FS website) . \\
 +
 +**Solution**:​ Disable the revocation check on your AD FS server by the PowerShell command (see details [[https://​docs.microsoft.com/​en-us/​powershell/​module/​adfs/​set-adfsrelyingpartytrust?​view=win10-ps|here]]):​
 +
 +<​code>​
 +Set-AdfsRelyingPartyTrust -TargetName "Your RelyingParty Name" -SigningCertificateRevocationCheck None
 +</​code>​
 +
 +**Issue**: (AD FS) Login with a single sign-on stopped working after update to Lucy 4.7 (it redirects to the Lucy's login page after successful login at AD FS website) . \\
 +
 +**Solution**:​ Update the Relying Party Trust on your Windows Server by clicking "​Update from Federation Metadata..."​ link in AD FS Management console or through the [[https://​docs.microsoft.com/​en-us/​powershell/​module/​adfs/​update-adfsrelyingpartytrust|PowerShell]].
 +
 +**Issue**: A blank window appears after successful authentication at SSO provider website and there an error in the web server logs (Apache): "​Uncaught exception '​SimpleSAML\\Error\\Error'​ with message '​ACSPARAMS'"​.
 +
 +**Solution**:​ Verify your SSO provider settings, make sure that all required attributes are passed to Lucy during Single sign-on authentication.
sso_authentication.1566568141.txt.gz ยท Last modified: 2019/08/23 15:49 by lucy