Hi @dan
If you require any more details or can give some suggestions, kindly let me know. I am still unable to figure out what is causing the error here.
Hi @dan
Thank you very much for your reply.
"But you expect the user to be sent to the Sisense app because they should have been signed on automatically. Is that correct?"
Yes, I am expecting to be signed on automatically and redirected to the Sisense app.
Hostnames
Fusion-auth
Host: http://10.197.65.10:8080
ReactApp
Host: https://staging-portal.mydomain.co.uk
Authorized URL: https://staging-portal.mydomain.co.uk/Authenticated
Sisense
Host: http://10.197.60.25:8081
Authorized Redirect URL: http://10.197.60.25:8081/api/v1/authentication/login_saml_callback/
"Can you confirm both applications are web applications?" Yes, both are web applications.
"Are there any messages on the devtools console" Yes, when redirecting to the FA login screen the error below shows on the console:
LocaleSelect.js?version=1.26.1:16 Uncaught TypeError: element.addEventListener is not a function
at new FusionAuth.OAuth2.LocaleSelect (LocaleSelect.js?version=1.26.1:16)
at authorize?client_id=c6bcfb81-7387-4448-92fe-979fbc183864&response_type=code&redirect_uri=https://staging-portal.appdev.bluechipdomain.co.uk/Authenticated:437
at HTMLDocument.value (prime-min-1.4.1.js?version=1.26.1:4)
LocaleSelect.js?version=1.26.1:16 Uncaught TypeError: element.addEventListener is not a function
at new FusionAuth.OAuth2.LocaleSelect (LocaleSelect.js?version=1.26.1:16)
at authorize?client_id=076e4363-b470-40df-9ed8-97a41ce1d10c&redirect_uri=%2Fsamlv2%2Fcallback%2F998aa744-18a5-42b9-0dfe-e11f73d68a41&response_type=code&state=eyJhY3MiOiJodHRwOi8vMTAuMTk3LjU1Ljk1OjgwODEvYXBpL3YxL2F1dGhlbnRpY2F0aW9uL2xvZ2luX3NhbWxfY2FsbGJhY2siLCJhaSI6IjA3NmU0MzYzLWI0NzAtNDBkZi05ZWQ4LTk3YTQxY2UxZDEwYyIsImlkIjoiX2VmM2MyYjU0Y2I4Zjg3YTgxNjczIiwicnMiOiIvIn0%3D:437
at HTMLDocument.value (prime-min-1.4.1.js?version=1.26.1:4)
"You can log in to each application separately" Yes, and each redirects back as defined (Sisense to Sisense and web app to web app).
@janakapdj
Hope these also help to give some suggestions.
Log when authenticated with Auth2:
OAuth2 exchange authorization code debug log for [BlueChip] with clientId [c6bcfb81-7387-4448-92fe-979fbc183864].
10/1/2021 04:08:16 AM GMT Validate the provided authorization code [Oo4TyOqTFjLro1C9UlAfR1a3CTsmClP-beOdKP58w8w].
10/1/2021 04:08:16 AM GMT PKCE not utilized on this request.
10/1/2021 04:08:16 AM GMT No scopes requested.
10/1/2021 04:08:16 AM GMT Ensure the provided request parameters match those provided the authorization request.
10/1/2021 04:08:16 AM GMT User is registered for application with Id [c6bcfb81-7387-4448-92fe-979fbc183864] the [roles] and [applicationId] claims will be added.
10/1/2021 04:08:16 AM GMT The authorization code has been successfully exchanged for an access token.
SAML request
Incoming SAML v2 AuthnRequest.
Binding:
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Deflated and encoded request:
Decoded XML request:
<?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e7160c1b1f80aed1df0f" Version="2.0" IssueInstant="2021-10-01T04:13:20.137Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://10.197.60.25:8081/api/v1/authentication/login_saml_callback/" Destination="http://10.197.65.10:8080/samlv2/login/998aa744-18a5-42b9-0dfe-e11f73d68a41">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Sisense</saml:Issuer>
<samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
<samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
<saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
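For checking a request like the one in the post above, here is an added example (not part of the thread and not FusionAuth or Sisense code): it undoes the HTTP-Redirect encoding of a SAMLRequest value and compares AssertionConsumerServiceURL and Destination with the configured values. The function names, the 1 MiB cap, the exact-match comparison and the trimmed sample XML are assumptions of this example.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_request(saml_request):
    """Undo the HTTP-Redirect binding: URL-decode, base64-decode, raw-inflate."""
    raw = base64.b64decode(urllib.parse.unquote(saml_request))
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, 1 << 20)  # cap inflated size at 1 MiB
    if inflater.unconsumed_tail:
        raise ValueError("inflated SAMLRequest exceeds 1 MiB")
    return xml

def inspect_request(xml, configured_acs, idp_login_url):
    """Return the fields an IdP compares with its application configuration."""
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML request refused")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("unexpected root element: " + root.tag)
    acs = root.get("AssertionConsumerServiceURL")
    return {
        "issuer": root.findtext("{%s}Issuer" % SAML),
        "acs": acs,
        "protocol_binding": root.get("ProtocolBinding"),
        # Assumption: exact string comparison, so a trailing slash matters.
        "acs_matches": acs == configured_acs,
        "destination_matches": root.get("Destination") == idp_login_url,
    }

def encode_request(xml):  # deflate + base64 + URL-encode, builds sample input only
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(comp.compress(xml) + comp.flush())
    return urllib.parse.quote(blob.decode("ascii"), safe="")

ACS = "http://10.197.60.25:8081/api/v1/authentication/login_saml_callback/"
IDP = "http://10.197.65.10:8080/samlv2/login/998aa744-18a5-42b9-0dfe-e11f73d68a41"
# Constructed sample: the post's decoded AuthnRequest, reduced to the checked fields.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="%s" ID="_e7160c1b1f80aed1df0f" Version="2.0" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="%s" Destination="%s">'
    '<saml:Issuer xmlns:saml="%s">Sisense</saml:Issuer></samlp:AuthnRequest>'
    % (SAMLP, ACS, IDP, SAML)
).encode()
print(inspect_request(decode_request(encode_request(SAMPLE_XML)), ACS, IDP))
```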
Hi
I am working on implementing SSO with different authentication methods:
React Js application with Auth2
Sisense with SAML
I have followed the instructions given in https://fusionauth.io/blog/2021/02/09/single-sign-on-sso-with-fusionauth/
Both applications authenticate individually and return back as expected, but SSO won't work as expected (when the user has logged in and been authenticated by one application, he/she should be able to access the other one without authenticating).
The SSO timeout is also set to 10 hours in the tenant.
Can someone help with this and give a suggestion?
I have attached the configurations for both applications.