search cancel

Incorrect behavior of Authentication URL in SSO Setup


Article ID: 221680


Updated On:


Clarity PPM On Premise Clarity PPM SaaS


When a user who does not have access to clarity or Inactive or locked in Clarity tries to access the application, the URL is getting diverted to Logout URL instead of redirecting to Authentication URL. As in this case the authentication of the user has failed.


  • Configure a clarity system with SAML 2.0 feature 
  • Update the CSA with Logout URL and Authentication URL and ensure both URL's are different


  1. Login to Clarity with administrator privilege's 
  2. Create a user and set the status to inactive
  3. Log out and try to login as new user created in step 2 
  4. Since the user status is inactive it should route the user to the Logout URL

Expected Result: Since the user is inactive it should be routed to Authentication URL

Actual Result: Since the user is inactive instead of route to Authentication URL it routed to Logout URL


This was logged as defect DE62190 however after further discussion with engineering and product management this was designed to ensure that if a user don't exist in clarity or Inactive or Locked it will redirect to Logout URL to ensure circular looping doesn't happen while attempting to reauthenticate. 


Release : Any


Communicate user to reach to application admin if routed to Authentication URL so that application admin can check further and activate the user in clarity and if user doesn't exist to create a user if the new user needed to access the application.