I've tested the generation of token and what I received from server is as follows:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<session expand="user">
  <token>imY0lB9dFVVa2etkqZzxyg00</token>
  <user name="admin">
    <link href="http://localhost:8095/crowd/rest/usermanagement/1/user?username=admin" rel="self"/>
  </user>
  <link href="http://localhost:8095/crowd/rest/usermanagement/1/session/imY0lB9dFVVa2etkqZzxyg00" rel="self"/>
  <created-date>2013-09-19T01:04:58.700-04:00</created-date>
  <expiry-date>2013-09-19T01:45:18.917-04:00</expiry-date>
</session>
My problem is that the other application cannot automatically log in the user after the custom application creates this token.
Any help is greatly appreciated, thanks,
Bill Chang
Hi Bill,
Possibly the problem is not the token itself. In order for the automatic login to work, the cookie must be validated, and most of the problems with SSO not working are related to a mismatch of some validation factors.
All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same Validation Factors:
The same computer is being used | Machine IP |
The same user name is provided | User Name |
The same session token is provided | Current Crowd Session token stored in the local browser cookie |
The same browser is being used to access all applications (not used by 2.0.4 and newer versions) | HTTP User-Agent |
The user can be found in the same Crowd Directory | Directory ID |
There are some key points that I'd suggest you check. They are the following:
1. Ensure that the URLs being used to access each application and the SSO Domain value stored in Crowd are valid and match the pattern;
2. Ensure that all applications are using the Crowd authenticator at their WEB-INF/classes/seraph-config.xml files;
3. Ensure that the Directories that are assigned to each application in Crowd, if more than one, are in the exact same order;
4. If there are proxy servers being used between Crowd and the applications, make sure to add their IP addresses to the Trusted Proxy Servers list in Crowd.
I hope this information has helped.
Cheers
Hi Tiago,
Thank you for your prompt reply.
I have some questions regarding your suggestion.
1. Ensure that all applications are using the Crowd authenticator at their
=> I am using the Crowd REST API to get and generate authentication in my application. There is no change made to the WEB-INF/classes/seraph-config.xml files. Do I need that Crowd authenticator in my application? I am testing between my application and the Crowd demo application that comes with the installation.
2.
The same computer is being used | Machine IP (Client Machine IP?) |
The same browser is being used to access all applications (not used by 2.0.4 and newer versions) | HTTP User-Agent (I confirm that we are using the same browser) |
The user can be found in the same Crowd Directory | Directory ID (I confirm that) |
I have the same problem. Authentication returns the token, but it is not stored in a cookie. Not really sure how to set it as well.
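An added example, not part of the original thread and not Atlassian's code: a sketch of the two pieces a custom REST client has to get right for the points raised above, namely sending the browser's IP as a validation factor when creating the session and then storing the returned token in a cookie on the SSO domain. It assumes the Crowd REST `authentication-context` request format, the `remote_address` factor name and the default cookie name `crowd.token_key`; the domain and IP values are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from http.cookies import SimpleCookie

# Session response as posted in the question, with the <link> elements omitted.
SESSION_XML = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<session expand="user"><token>imY0lB9dFVVa2etkqZzxyg00</token>'
    '<user name="admin"/>'
    '<created-date>2013-09-19T01:04:58.700-04:00</created-date>'
    '<expiry-date>2013-09-19T01:45:18.917-04:00</expiry-date></session>'
)

def build_session_request(username, password, client_ip):
    """Body for POST .../rest/usermanagement/1/session.

    client_ip must be the end user's browser address as the other
    applications will report it, not the address of the server that
    makes the REST call; otherwise the "Machine IP" factor mismatches.
    """
    ctx = ET.Element("authentication-context")
    ET.SubElement(ctx, "username").text = username
    ET.SubElement(ctx, "password").text = password
    factors = ET.SubElement(ctx, "validation-factors")
    factor = ET.SubElement(factors, "validation-factor")
    ET.SubElement(factor, "name").text = "remote_address"  # assumed factor name
    ET.SubElement(factor, "value").text = client_ip
    return ET.tostring(ctx, encoding="unicode")

def parse_session(xml_text):
    """Extract the token, user name and expiry from a session response."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return {
        "token": root.findtext("token"),
        "user": root.find("user").get("name"),
        "expires": root.findtext("expiry-date"),
    }

def sso_cookie_header(token, domain, name="crowd.token_key", secure=False):
    """Set-Cookie value that makes the token visible to every app on `domain`.

    `domain` has to equal the SSO Domain configured in Crowd; HttpOnly keeps
    the session token out of reach of page scripts.
    """
    cookie = SimpleCookie()
    cookie[name] = token
    cookie[name]["domain"] = domain
    cookie[name]["path"] = "/"
    cookie[name]["httponly"] = True
    if secure:
        cookie[name]["secure"] = True
    return cookie[name].OutputString()
```

The cookie name, domain and secure flag are per-installation settings, so read them from the Crowd configuration rather than hard-coding the defaults used here.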