SAML MFA authentication works great now when I use https://VanityPortalHostName:8182/pc/desktop/page
But users log out of there, and if they use this page to log in again: https://RealPortalHost:8382/sso/sign-in.jsp?SsoProductCode=pc&SignOut=1, they can bypass the MFA.
This is the current setup for SsoConfiguration:
SSO Configuration/DX NetOps/Performance Center:
Web Service Scheme: http
Web Service Host: <realHostName>
Web Service Port: 8481
Web Service Inventory (Version 1): /dm/inventory
Web Service Data Source Admin: /dm/ds
Web Site Scheme: https
Web Site Host: <VanityHostName>
Web Site Port: 8182
Web Site Path: /pc/desktop/page
SMTP Enabled: Enabled
SMTP Server Address: smtp.host.com
SMTP Ports: 25
SMTP SSL: Disabled
Email Reply Address: [email protected]
Email Format: HTML
Enable Emailing Scheduled Reports: Enabled
Enable Archived Scheduled Reports: Disabled
SMTP Username:
SMTP Password:
Web Service Inventory (Version 2): /dm/inventory2
SMTP Authentication: Disabled
The SSO link always reverted to the RealPortalHostName. Is that the issue?
The DX NetOps Performance Management Portal web server has SAML (also known as SAML2) SSO configured along with LDAP SSO.
When the user initially logs in, they are directed to SAML MFA and given Portal access after logging in. When the user logs out, they are left at a different URL that provides a new login prompt.
Logging in via that new login prompt allows the user to gain access after authenticating with a valid username and password. But it doesn't use the SAML MFA.
All supported DX NetOps Performance Management Portal releases
This is functioning as designed.
By design, SAML user logout leaves the user at the standard out-of-the-box (OOTB) logout page. Example using HTTPS:
https://PortalHost:8382/sso/sign-in.jsp?SsoProductCode=pc&SignOut=1
Best practice is to go back to the proper console port login URL as the starting point for new login attempts. Example using HTTPS:
https://PortalHostName:8182/pc/desktop/page
A custom logout page URL is not possible at this time. It would be an Enhancement Request (ER).
Enhancement Request DE565019 has been submitted to engineering and Product Management. Requests for additional information about the request and its status should be directed to your Account Management team.