search cancel

SSO not working for Modern UX with SAML

book

Article ID: 215978

calendar_today

Updated On:

Products

Clarity PPM On Premise Clarity PPM SaaS

Issue/Introduction

The SSO works for Classic, but if trying to get to the New User Experience (UX) directly it doesn’t work. SAML enabled Clarity doesn't support direct logon to Modern UX

STEPS TO REPRODUCE:

  1. Configure SAML with Clarity 15.9.2 with any IDP like OKTA/Azure.
  2. Use the New UX Url ex :- https://server.clarity.com/pm

Expected Results: Since the application is SAML enabled, you are expected to log in successfully.
Actual Results: You get redirected to the authentication error URL.

Environment

Release : 15.9.1, 15.9.2

Component : CLARITY SECURITY INTEGRATION

SAML Configured Environments

Cause

Caused by DE61090

Resolution

Fixed in 15.9.3 as DE61090

Note: This currently only works in SAAS, but not in On Premise. Upcoming feature work will resolve this in On Premise as per: Unable to set MUX as landing page, and deeplinks on SAML do not work (On Premise Only)

IMPORTANT: Required configuration for the fix to work post-upgrade to 15.9.3:

  • The errorURL in the properties.xml (Authentication Error URL in CSA - Security) must be set to the IDP URL that's set in SSO Service URL in SAML Configs
  • You can also get the URL to update from the sso_ser_url value in database CMN_SEC_SAML_CONFIGS table
  • This has been successfully tested with Okta and may have some differences if you are using a different IDP provider

Additional Information

We have a user story to ensure Authentication URL also works, and this is scheduled for one of the next releases