As many others have reported, I am not able to get SSO to work with staff (/scp). Note that I have it working with the user portal, works great. But, I cannot seem to figure out how to get it to work for staff.

What am I doing wrong?

When I go to scp/login.php, it says "Authentication Required" and I cannot get past this without entering valid credentials (I am using my Active Directory credentials, which do work).

Logs from ssl_access_log:
[MyIPAddress] - [MyUserName]@[MyADdomain] [21/Jan/2019:13:37:20 -0500] "GET /facilities/assets/default/css/print.css?035fd0a HTTP/1.1" 304 -
[MyIPAddress] - [MyUsername]@[MyADdomain] [21/Jan/2019:13:37:50 -0500] "GET /facilities/scp/ HTTP/1.1" 200 49680

Version information below:

    rblake
    can you try upgrading your PHP to 5.6
    also, have you tried using a different browser? and clearing cache?

        ramrajone

        I upgraded to PHP 5.6 and have tried both Internet Explorer and Google Chrome, neither is working. Keep in mind that it does work for the regular user portal, just not the /scp. As always, I clear my cache when testing. I also have the URL in my intranet zone within Internet Explorer and allow credentials to be shared.

        If you have any other thoughts, I'm certainly open. I'm also open to assisting the developers resolve the issue by enabling debugging or whatever they'd like.

            rblake
            very strange if it works for regular user portal, it should work for an agent too, have you checked to see if Agent and user account are in same AD groups or OU?

            Or tried creating new Agent to see if that works?

                I dont know if this matters... but if you go to Admin panel -> Agents -> an agent that doesn't work (which should be any) what is their authentication backend set to?

                  ramrajone

                  The users are in various groups and folders in Active Directory. However, there isn't anything different between a staff member and a regular user. I also can login locally with HTTP Passthru (no credentials entered) to the regular portal and I'm listed as "Staff" (I'm an Admin).

                  To your question about adding a user, I hadn't tried it until you suggested; however, after testing, it is doing the same behavior. It allows SSO to the regular portal but not to /scp.

                  ntozier

                  Appreciate the reply. Mine, for example, is set to "Active Directory or LDAP" and I know mine isn't working.

                  Should I change this to something else?

                      Try changing it to any back end. (because I'm curious, not because I think that it will help... but it might)

                        6 days later

                        ntozier

                        Well, you solved it! Changing it to "Any available backend" on my account immediately made it start working. If I log out, it logs me right back in (as I would expect).

                        Hopefully this helps others. Thank you!

                          Right on! (I was hoping)

                          I'll close this thread since your issue has been resolved. Please do not hesitate to start a new one if you have another question, issue, etc.

                          Write a Reply...