From: Sander A. <sa....@fz...> - 2020-07-17 06:13:03
Good morning Krzysztof,

we have an issue on one of our four unity (3.2.2) instances with the remember me function. It is not working. When I log out from a service and from unity, by passing the session lifetime or logging out in a second browser tab, and try to re-login, I see all connected IdPs but not the screen with my last one. This issue appears with all browsers and with different users. The log does not show any errors. The remember me configuration is the default configuration. Have you seen this issue/behaviour before?

Best regards,
Sander

--
Federated Systems and Data
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

Forschungszentrum Juelich GmbH
52425 Juelich
Registered office: Juelich
Registered in the commercial register of the Dueren district court, No. HR B 3498
Chairman of the Supervisory Board: MinDir Volker Rieke
Board of Directors: Prof. Dr.-Ing. Wolfgang Marquardt (Chairman), Karsten Beneke (Deputy Chairman), Prof. Dr.-Ing. Harald Bolt

From: Krzysztof B. <kb...@un...> - 2020-07-20 10:18:32
Hi Sander,

On 17.07.2020 at 08:12, Sander Apweiler wrote:
> Good morning Krzysztof,
>
> we have an issue on one of our four unity (3.2.2) instances with the
> remember me function. It is not working. When I log out from a service
> and from unity, by passing the session lifetime or logging out in a
> second browser tab, and try to re-login, I see all connected IdPs but
> not the screen with my last one. This issue appears with all browsers
> and with different users. The log does not show any errors. The
> remember me configuration is the default configuration. Have you
> seen this issue/behaviour before?

It seems you are referring to screen showing last used authentication option, not the "remember me" setting which is skipping one or all authN factors on a trusted device?

Assuming so:

1. can you check whether you have "last used" cookie stored for unity instance origin? What is the value? It should be stored immediately after successful login.

2. what are the settings in authentication UI configuration? Do you have "show last used option..." selected on the endpoint in question?

3. it doesn't work for saml only or for arbitrary authentication options?

Cheers,
Krzysztof

From: Sander A. <sa....@fz...> - 2020-07-20 10:34:31
Attachments:
Screenshot from 2020-07-20 12-27-47.png
Hi Krzysztof,

On Mon, 2020-07-20 at 12:18 +0200, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 17.07.2020 at 08:12, Sander Apweiler wrote:
> > Good morning Krzysztof,
> >
> > we have an issue on one of our four unity (3.2.2) instances with
> > the remember me function. It is not working. When I log out from a
> > service and from unity, by passing the session lifetime or logging
> > out in a second browser tab, and try to re-login, I see all
> > connected IdPs but not the screen with my last one. This issue
> > appears with all browsers and with different users. The log does
> > not show any errors. The remember me configuration is the default
> > configuration. Have you seen this issue/behaviour before?
>
> It seems you are referring to screen showing last used authentication
> option, not the "remember me" setting which is skipping one or all
> authN factors on a trusted device?

Yes I mean showing the last used authentication. Sorry for the miswording.

> Assuming so:
>
> 1. can you check whether you have "last used" cookie stored for unity
> instance origin? What is the value? It should be stored immediately
> after successful login.

Yes it is stored. See attachment.

> 2. what are the settings in authentication UI configuration? Do you
> have "show last used option..." selected on the endpoint in question?

Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout? We use the default value.

> 3. it doesn't work for saml only or for arbitrary authentication
> options?

It does not work for all endpoints.

Best regards,
Sander

> Cheers,
> Krzysztof

From: Krzysztof B. <kb...@un...> - 2020-07-25 14:03:45
Hi Sander,

On 20.07.2020 at 12:34, Sander Apweiler wrote:
> Yes it is stored. See attachment.
>> 2. what are the settings in authentication UI configuration? Do you
>> have "show last used option..." selected on the endpoint in question?
> Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout?
> We use the default value.

No I meant this:

unity.endpoint.web.authnShowLastOptionOnly

do you have it set to true? Can you check up your endpoint config in Console?

Anyway this works for me. I can only suspect some problem with authN options autogenerated from saml metadata.

>> 3. it doesn't work for saml only or for arbitrary authentication
>> options?
> It does not work for all endpoints.

I meant: whether this problem occurs only with SAML sign-in using some federation, or it also doesn't work with other authN options (e.g. password)?

Best
Krzysztof

From: Sander A. <sa....@fz...> - 2020-07-27 05:36:56
Good morning Krzysztof,

On Sat, 2020-07-25 at 16:03 +0200, Krzysztof Benedyczak wrote:
> Hi Sander,
>
> On 20.07.2020 at 12:34, Sander Apweiler wrote:
> > Yes it is stored. See attachment.
> > > 2. what are the settings in authentication UI configuration? Do
> > > you have "show last used option..." selected on the endpoint in
> > > question?
> >
> > Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout?
> > We use the default value.
>
> No I meant this:
>
> unity.endpoint.web.authnShowLastOptionOnly
>
> do you have it set to true? Can you check up your endpoint config in
> Console?

The option is not set in config files, so I guess it uses the default value true. Within the configuration in console endpoint, it indicates that it is true. See attachments.

> Anyway this works for me. I can only suspect some problem with authN
> options autogenerated from saml metadata.
>
> > > 3. it doesn't work for saml only or for arbitrary authentication
> > > options?
> >
> > It does not work for all endpoints.
>
> I meant: whether this problem occurs only with SAML sign-in using
> some federation, or it also doesn't work with other authN options
> (e.g. password)?

It is working for no authN. Not for SAML federation and also not for password, where password authentication is possible.

Best regards,
Sander

> Best
> Krzysztof

From: Krzysztof B. <kb...@un...> - 2020-08-01 21:58:00
Sander,

On 27.07.2020 at 07:36, Sander Apweiler wrote:
> Good morning Krzysztof,
>
> On Sat, 2020-07-25 at 16:03 +0200, Krzysztof Benedyczak wrote:
>> Hi Sander,
>>
>> On 20.07.2020 at 12:34, Sander Apweiler wrote:
>>> Yes it is stored. See attachment.
>>>> 2. what are the settings in authentication UI configuration? Do
>>>> you have "show last used option..." selected on the endpoint in
>>>> question?
>>> Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout?
>>> We use the default value.
>> No I meant this:
>>
>> unity.endpoint.web.authnShowLastOptionOnly
>>
>> do you have it set to true? Can you check up your endpoint config in
>> Console?
> The option is not set in config files, so I guess it uses the default
> value true. Within the configuration in console endpoint, it indicates
> that it is true. See attachments.
>> Anyway this works for me. I can only suspect some problem with authN
>> options autogenerated from saml metadata.
>>
>>>> 3. it doesn't work for saml only or for arbitrary authentication
>>>> options?
>>> It does not work for all endpoints.
>>>
>> I meant: whether this problem occurs only with SAML sign-in using
>> some federation, or it also doesn't work with other authN options
>> (e.g. password)?
> It is working for no authN. Not for SAML federation and also not for
> password, where password authentication is possible.

Well, I've tried this in several variants and all were working on my end flawlessly.

I can't give you any better hint, than to try to minimize the problem area. Perhaps you can try to set up a simple test endpoint (e.g. homeUI) add to it 2 authN options (e.g. password and one oauth) and try on it? If it works (by far it should) then I'd try to add more settings from an endpoint which is not working. If it doesn't work, let me know the precise config of the endpoint.

Cheers,
Krzysztof

From: Marcus H. <ha...@ki...> - 2020-08-03 07:20:50
On 08/01/20 23:57, Krzysztof Benedyczak wrote:
> Sander,
>
> On 27.07.2020 at 07:36, Sander Apweiler wrote:
> > Good morning Krzysztof,
> >
> > On Sat, 2020-07-25 at 16:03 +0200, Krzysztof Benedyczak wrote:
> > > Hi Sander,
> > >
> > > On 20.07.2020 at 12:34, Sander Apweiler wrote:
> > > > Yes it is stored. See attachment.
> > > > > 2. what are the settings in authentication UI configuration? Do
> > > > > you have "show last used option..." selected on the endpoint in
> > > > > question?
> > > > Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout?
> > > > We use the default value.
> > > No I meant this:
> > >
> > > unity.endpoint.web.authnShowLastOptionOnly
> > >
> > > do you have it set to true? Can you check up your endpoint config in
> > > Console?
> > The option is not set in config files, so I guess it uses the default
> > value true. Within the configuration in console endpoint, it indicates
> > that it is true. See attachments.
> > > Anyway this works for me. I can only suspect some problem with authN
> > > options autogenerated from saml metadata.
> > >
> > > > > 3. it doesn't work for saml only or for arbitrary authentication
> > > > > options?
> > > > It does not work for all endpoints.
> > > >
> > > I meant: whether this problem occurs only with SAML sign-in using
> > > some federation, or it also doesn't work with other authN options
> > > (e.g. password)?
> > It is working for no authN. Not for SAML federation and also not for
> > password, where password authentication is possible.
> >
> Well, I've tried this in several variants and all were working on my end
> flawlessly.
>
> I can't give you any better hint, than to try to minimize the problem area.
> Perhaps you can try to set up a simple test endpoint (e.g. homeUI) add to it
> 2 authN options (e.g. password and one oauth) and try on it? If it works (by
> far it should) then I'd try to add more settings from an endpoint which is
> not working. If it doesn't work, let me know the precise config of the
> endpoint.

From what I saw, the problem does not show with every SAML IdP. I saw a screenshare of DKFZ users where it worked, but I think that it does not work properly for KIT and HMGU users.

--
Marcus.

From: Marcus H. <ha...@ki...> - 2020-08-03 07:21:46
On 08/03/20 09:20, Marcus Hardt wrote:
> On 08/01/20 23:57, Krzysztof Benedyczak wrote:
> > Sander,
> >
> > On 27.07.2020 at 07:36, Sander Apweiler wrote:
> > > Good morning Krzysztof,
> > >
> > > On Sat, 2020-07-25 at 16:03 +0200, Krzysztof Benedyczak wrote:
> > > > Hi Sander,
> > > >
> > > > On 20.07.2020 at 12:34, Sander Apweiler wrote:
> > > > > Yes it is stored. See attachment.
> > > > > > 2. what are the settings in authentication UI configuration? Do
> > > > > > you have "show last used option..." selected on the endpoint in
> > > > > > question?
> > > > > Do you mean this one: unity.endpoint.web.authnLastOptionOnlyLayout?
> > > > > We use the default value.
> > > > No I meant this:
> > > >
> > > > unity.endpoint.web.authnShowLastOptionOnly
> > > >
> > > > do you have it set to true? Can you check up your endpoint config in
> > > > Console?
> > > The option is not set in config files, so I guess it uses the default
> > > value true. Within the configuration in console endpoint, it indicates
> > > that it is true. See attachments.
> > > > Anyway this works for me. I can only suspect some problem with authN
> > > > options autogenerated from saml metadata.
> > > >
> > > > > > 3. it doesn't work for saml only or for arbitrary authentication
> > > > > > options?
> > > > > It does not work for all endpoints.
> > > > >
> > > > I meant: whether this problem occurs only with SAML sign-in using
> > > > some federation, or it also doesn't work with other authN options
> > > > (e.g. password)?
> > > It is working for no authN. Not for SAML federation and also not for
> > > password, where password authentication is possible.
> > >
> > Well, I've tried this in several variants and all were working on my end
> > flawlessly.
> >
> > I can't give you any better hint, than to try to minimize the problem area.
> > Perhaps you can try to set up a simple test endpoint (e.g. homeUI) add to it
> > 2 authN options (e.g. password and one oauth) and try on it? If it works (by
> > far it should) then I'd try to add more settings from an endpoint which is
> > not working. If it doesn't work, let me know the precise config of the
> > endpoint.
>
> From what I saw, the problem does not show with every SAML IdP. I saw a
> screenshare of DKFZ users where it worked, but I think that it does not
> work properly for KIT and HMGU users.

Sorry, I meant HZDR users.

> --
> Marcus.