Hi Bill,
Possibly the problem is not the token itself, in order to the automatic login work the cookie must be validaded and most of the problems with the SSO not working is related to mismatch of some validation factors.
All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same information:
All Applications need to prove that the exact same user is trying to access them. They should all provide the exact same Validation Factors:
<th>
| The same computer is being used |
Machine IP |
| The same user name is provided |
User Name |
| The same session token is provided |
Current Crowd Session token stored in the local browser cookie |
| The same browser is being used to access all applications (not used by 2.0.4 and newer versions) |
HTTP User-Agent |
| The user can be found in the same Crowd Directory |
Directory ID |
There are some key points that I'd suggest you to check, they are the following:
1. Ensure that the URLs being used to access each application and the SSO Domain value stored in Crowd are valid and match the pattern;
2. Ensure that all applications are using the Crowd authenticator at their WEB-INF/classes/seraph-config.xml files;
3. Ensure that the Directories that are assigned to each application in Crowd, If more than one, are in the exact same order;
4. If there are proxy servers being used between Crowd and the applications, make sure to add their IP addresses to theTrusted Proxy Servers list in Crowd.
I hope this information has helped.
Cheers
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.