We use saved AWI URLs to facilitate easy login and navigation to specific resources in the Automation Engine. There is a problem with the way AWI handles URLs. This problem happens only when the user is not already logged in, and when SAML authentication is in use.
Non-error condition
The user is already logged in to the AWI.
The user clicks on the URL:
https://awi.example.com/?system=UC4_PROD&client=0120&department=DEPT&logintype=SAML&autologin=true#UC4_PROD:0120@pa/explorer&folder=1001001
The AWI navigates to the specified folder, and the URL in the browser's location bar remains unchanged.
Error condition
The user is not already logged in to the AWI.
The user clicks on the URL:
https://awi.example.com/?system=UC4_PROD&client=0120&department=DEPT&logintype=SAML&autologin=true#UC4_PROD:0120@pa/explorer&folder=1001001
The AWI authenticates the user via SAML through a series of redirects. After this, the AWI navigates to the specified folder, but changes the URL in the browser's location bar to:
https://awi.example.com/awi#UC4_PROD:0120@pa/explorer&folder=1001001
The problem appears to happen only as a result of the multiple redirects that take place during SAML authentication.
The problem may seem like a small one, but it is actually quite a nuisance. Once the URL has been corrupted, all subsequent URLs in that browser window will be similarly corrupted. For instance AWI system parameters that facilitate automatic login are removed from the URL. This means that any URLs that the user saves and uses later will not automatically log the user in.
Release : 21.x
Component: Automic Web Interface (AWI)
Context: Usage of SAML for SSO
Defect introduced in 21.x versions, working fine on versions 12.3.x
Solution:
Update to a fix version listed below or a newer version if available.
Fix version:
Component(s): Automic.Web.Interface (AWI)
Automation.Engine 21.0.5 - Available
Solution Details:
A problem was solved where AWI generated corrupted URLs during SAML login.