Authentication Error URL is not used in SAML for Inactive/Locked users
search cancel

Authentication Error URL is not used in SAML for Inactive/Locked users

book

Article ID: 261028

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Users that are Inactive / Locked in SAML will be redirected to LogoutURL vs Error URL.

Steps to Reproduce:

1. Configure Clarity for SAML using Okta, Azure or other IDP's.
2. On the NSA, add a Logout URL, Authentication Error URL.
3. Mark the user inactive/locked in Clarity.
4. Login with the locked user through SSO

Expected Results :- User is Redirected to the Authentication error URL.
Actual Results :- User is redirected to the Logout URL.

Environment

Release :  Any

Resolution

This was reviewed as DE68679 (Not a Bug, working as expected)

This is working as designed. If the user passed via SAML is invalid or locked in Clarity we redirect to the logout URL.