SAML fails with the LB URL


Article ID: 217326


Products

Clarity PPM On Premise, Clarity PPM SaaS

Issue/Introduction

SAML with Okta/SSO fails on the load balancer (LB) URL but works when using a direct HTTP URL.

STEPS TO REPRODUCE: 

1. Enable SAML with Okta

      Note that with a direct HTTP URL to the server, both the SP and IdP connections work as expected.

2. Now set up the LB URL in properties.xml, Okta and CMN_SEC_SAML_CONFIGS 

3. Try connecting to the Clarity LB URL 


Expected Results: To be able to connect. 

Actual Results: Unable to connect; the browser is redirected to the LB URL repeatedly in a loop. Error in logs: 

INFO  2021-06-08 10:53:31,847 [http-nio-6060-exec-6] filter.SAMLFilter (clarity:admin:-1:none) SAMLFilter: HttpRequest.getRequestURL() = http://<servername>/niku/nu 

ERROR 2021-06-08 10:53:31,894 [http-nio-6060-exec-1] filter.SAMLFilter (clarity:admin:-1:none) Error occured while creating session for user  null Reason: Unauthenticated SAML response received:The response was received at http://<servername>/niku/nu instead of https://<servername>/niku/nu 

INFO  2021-06-08 10:53:31,894 [http-nio-6060-exec-1] filter.SAMLFilter (clarity:admin:-1:none) SAMLFilter: HttpRequest.getRequestURL() = http://<servername>/niku/nu 

Workaround: None. 
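
To confirm from a log that the failure is the URL mismatch shown above, the following added example (not part of the original article or of Clarity) extracts the "received at ... instead of ..." pair from SAMLFilter error lines and reports which URL component differs. The sample lines and the example.test host names are constructed, and the check also covers host, port and path mismatches, which the article does not show.

```python
import re
from urllib.parse import urlsplit

# Error text format taken from the SAMLFilter ERROR line in the article.
MISMATCH = re.compile(
    r"The response was received at (?P<received>\S+) instead of (?P<expected>\S+)"
)

# Constructed sample lines (placeholder hosts), modeled on the article's log excerpt.
SAMPLE_LOG = [
    "INFO  2021-06-08 10:53:31,847 [http-nio-6060-exec-6] filter.SAMLFilter "
    "(clarity:admin:-1:none) SAMLFilter: HttpRequest.getRequestURL() = "
    "http://clarity.example.test/niku/nu",
    "ERROR 2021-06-08 10:53:31,894 [http-nio-6060-exec-1] filter.SAMLFilter "
    "(clarity:admin:-1:none) Error occured while creating session for user  null "
    "Reason: Unauthenticated SAML response received:The response was received at "
    "http://clarity.example.test/niku/nu instead of https://clarity.example.test/niku/nu",
    "ERROR 2021-06-08 10:54:02,101 [http-nio-6060-exec-3] filter.SAMLFilter "
    "(clarity:admin:-1:none) Error occured while creating session for user  null "
    "Reason: Unauthenticated SAML response received:The response was received at "
    "https://node1.example.test/niku/nu instead of https://clarity.example.test/niku/nu",
]

def _parts(url):
    """Split a URL into the components compared below (explicit port only)."""
    u = urlsplit(url)
    return {"scheme": u.scheme.lower(), "host": (u.hostname or "").lower(),
            "port": u.port, "path": u.path.rstrip("/")}

def diagnose(line):
    """Return (received, expected, differing components), or None for other lines."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    received, expected = m.group("received"), m.group("expected")
    a, b = _parts(received), _parts(expected)
    return received, expected, [k for k in a if a[k] != b[k]]

def triage(lines):
    """Collect the distinct mismatches found in a log, in first-seen order."""
    seen = []
    for hit in filter(None, map(diagnose, lines)):
        if hit not in seen:
            seen.append(hit)
    return seen

if __name__ == "__main__":
    for received, expected, diff in triage(SAMPLE_LOG):
        print(f"{'+'.join(diff)} mismatch: app saw {received}, response addressed to {expected}")
```

A result of only "scheme" is the case described in this article; any other component points to a different URL misconfiguration.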

Resolution

To resolve the problem:

  1. Ensure Clarity is enabled for SSL/HTTPS as well as HTTP in properties.xml, and that it is added to the LB as HTTPS

Alternate Workaround:

  1. Set both the Recipient URL and Destination URL in Okta to point to http://<servername>/niku/nu instead of https://<servername>/niku/nu