SAML 2.0 authentication looping and never allowing login

Article ID: 257367

Products

CA Identity Manager

Issue/Introduction

After configuring SAML 2.0 authentication (with Okta as the identity provider in this case), accessing IDM generates an IDM URL with a session token but never completes the login to IDM. The session information in the URL string can be seen updating repeatedly.

Environment

Release : 14.4

Cause

In this case, IDM was deployed as a cluster behind a load balancer, but the "IM Proxy Base URL" pointed at a specific IDM node instead of the overall load balancer URL.
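
One way to confirm this cause from a captured redirect trace (for example, the URLs listed in the browser's network tab during one login attempt). This is an added example, not part of the original article or the product: the function name, hostnames, path and `session` parameter are constructed placeholders, and it assumes the loop appears as repeated visits to the same path with a changing query value.

```python
from urllib.parse import urlsplit, parse_qsl

def diagnose_login_loop(hops, lb_host, idp_hosts=(), min_repeats=3):
    """Inspect the ordered redirect URLs of one login attempt.

    Returns loop evidence plus any hosts that are neither the load
    balancer nor a known IdP (candidate cluster-node addresses).
    """
    allowed = {lb_host.lower(), *(h.lower() for h in idp_hosts)}
    visits = {}        # (host, path) -> query dicts, in visit order
    unexpected = []    # hosts outside `allowed`, first-seen order
    for url in hops:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host not in allowed and host not in unexpected:
            unexpected.append(host)
        visits.setdefault((host, parts.path), []).append(
            dict(parse_qsl(parts.query)))

    loops = []
    for (host, path), queries in visits.items():
        if len(queries) < min_repeats:
            continue
        # Parameters whose value differs between visits: the session
        # information in the URL being updated repeatedly.
        names = sorted({n for q in queries for n in q})
        changing = [n for n in names
                    if len({q.get(n) for q in queries}) > 1]
        if changing:
            loops.append({"host": host, "path": path,
                          "visits": len(queries),
                          "changing_params": changing})
    return {"looping": bool(loops), "loops": loops,
            "unexpected_hosts": unexpected}

# Constructed sample traces (hypothetical hosts, path and parameter name).
IDP = "https://idp.example.org/sso/saml"
NODE = "https://idm-node1.example.com/idm/ui?session="
SAMPLE_LOOP = ["https://idm.example.com/idm/ui", IDP, NODE + "aaa1",
               IDP, NODE + "bbb2", IDP, NODE + "ccc3"]
SAMPLE_HEALTHY = ["https://idm.example.com/idm/ui", IDP,
                  "https://idm.example.com/idm/ui?session=aaa1"]

if __name__ == "__main__":
    print(diagnose_login_loop(SAMPLE_LOOP, "idm.example.com",
                              ["idp.example.org"]))
```

A non-empty `unexpected_hosts` together with `looping` set to true matches the cause described here: the login flow is being sent to a node address rather than the load balancer.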


Resolution

Changing the "IM Proxy Base URL" to the fully qualified load balancer address resolves this issue.
