Support Solutions Shadowing
This is a discussion for reports of what happened during SSO calls with clients.
SEI-Capella Call - https://vanilla.freshdesk.com/a/tickets/99524
Issue
Employee can not log in. Seems email is not being passed over.
Notes
SEI has a very customized SSO setup. MuleSoft handles profiles. SAML calls to EmployeeID, Name and Email information.
Patrick had the user show the sign-in issue, then checked the logs for the error. After identifying error, verified that it seemed to be isolated to a single user (the one reporting the problem).
User was part of a merger with SEI, so their user was originally created a bit differently then other users. The profile service (MuleSoft) that SEI uses was passing over an EmployeeID number that was longer than the SSO was expecting. This caused SSO to fail.
After identifying that issue was tied to how user was configured on SEI's end, the dev on the call took ownership of issue.
Comments
-
ScrabbleGo - CSM Scheduled Call
Issue: SSO Implementation Not Working
Notes
Immediate issue was that embed was from local host which made initial troubleshooting much more difficult.
Unable to scroll within Dashboard when using embed
EasyXDM used for embed. PK advised that issue seemed front-end - refocused call on SSO.
SSO Error: "Verify Correct ISS" (ISS = Issuer )
Login attempt resulted in profile being created but no session starting
Patrick found that the incorrect issuer URL was assigned in SSO settings.
Reset to correct URL.
Resolved.
1 -
XOGroup Call - https://vanilla.freshdesk.com/a/tickets/97990
Issue: Login failing when jsConnectv3 was being used.
Notes:
- Client has customization in playce that calls to XoGroup main page to make sure that they're still signed in. Maybe related?
- When sign-in attempted with v3 protocol enabled, error served: "Client parameter is missing."
- jsConnectv2 seems to work fine
- Sign-In Method on staging : Click on category - click 'New Discussion' - sign in when prompted.
PK got an idea of the problem and may have an idea for resolution. Another call may be required.
0 -
Issue: Client (Oracle) signed into site, and lost an expected role (admin).
https://higherlogic.zendesk.com/agent/tickets/252313
Breakdown of Issue:
This has happened twice to Oracle users trying to log into the CCC-dev site recently. I'm a bit at a loss at what may be causing it.
I found the action in the logs:
RoleID: 16 is definitely the admin role (https://community-dev.oracle.com/customerconnect/role/edit/16).
It is set to not be affected by hub syncs:
On the dev-hub: https://community-dev.oracle.com/hub/user/browse?Keywords=prateek&Go=Go, the user is only set as 'ORACLE EMPLOYEE'
On CCC-dev: https://community-dev.oracle.com/customerconnect/user/browse?Keywords=prateek&Go=Go
----------
PK's solution:
Got it!
So you can set roles so that they are synchronized with the hub. But that gives them a status whereby the user always has to have it passed over or it will be removed:
From Dev
from prod:
Here's what the code says:
https://github.com/vanilla/vanilla-cloud/blob/master/cloud/plugins/sitenode/SiteNodePlugin.php#L307
What you are seeing in the log where he has the role is just before the role is taken away. I have removed that setting and restored Admin to Prateek. Can you get him to log in to test. If I'm right we will have to manually restore the lost roles.
0 -
Issue: Acer complained that on a new site, they were seeing an unexpected 'blank' box appear when signing in via SSO.
From PK:
That little blank popup is the default behaviour of Vanilla because even if you are doing SSO it tries to open that little Sign In modal window. You can always remove it by adding:
"Garden": { "SignIn": { "Popup": false } }0
