search cancel

SSO - getting AD error page when signing from MUX

book

Article ID: 213615

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

Getting error: Error - SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

We have implemented SSO with Azure AD on our environment. We have also setup a logout page. This works fine with the Classic UI. However, when we move from classic Clarity to the Modern / New User Experience (UX) and then logout from then then we get the above error.

Steps to Reproduce:

  1. Login to Classic Clarity using sso

  2. Click the MUX link from general section

  3. It opens up MUX in new tab

  4. Log out from MUX

     

Results: Error - SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding.

Cause

Logout URL set on the NSA/CSA page is being Ignored. 

Environment

  • Clarity 15.8.1, 15.9, 15.9.1,15.9.2
  • SAML 2.0
  • Azure/ADFS as IDP

Resolution

  1. Get the value of Logout URL that's set in NSA.
  2.  the below DB command to update it or update through New UX if you are on 15.9.1, 15.9.2. 
  3. 15.9.3 has this issue fixed.

15.8.1 and 15.9

UPDATE CMN_SEC_SAML_CONFIGS SET IDP_SLO_SER_URL='<LOGOUT URL>';

15.9.1, 15.9.2

  1. Navigate to Administration → Authentication & Keys → SAML CONFIGURATIONS on New UI.
  2. Add the below Attribute.
  3. Once it's added, change the value to the Logout URL defined in NSA.

Attachments