Hi,

I have implemented SSO login in application. If the Registered roles is selected in application then it works fine. However if  only select a specific role created for application, then while logging it shows invalid permission. Even though my UserID have that role assigned. Do we need to customize the login if we are assigning application specific roles?

Thank you.

Hi,

did you check this documentation:

Cheers

Hi Puja,

This sounds like the screen where you're being redirected to after logging in, does not have that specific role checked. Can you make sure that specific role is checked?

Regards,

Nordin

Nordin Ahdi wrote:

Hi Puja,

This sounds like the screen where you're being redirected to after logging in, does not have that specific role checked. Can you make sure that specific role is checked?

Regards,

Nordin

The redirecting screen has that specific role checked . 

Did you make sure to logout and login after you published the changes? Because roles are being initialized during login.

Regards,

Nordin

Nordin Ahdi wrote:

Did you make sure to logout and login after you published the changes? Because roles are being initialized during login.

Regards,

Nordin

Yes I did. In Traditional application its working, but for Reactive it is not.


Are you redirecting from the Traditional Web App to the Reactive Web App and expect to stay logged in?

In that case SSO between App Types is only supported in Platform Server version 11.8.0 or above.

If this is not the case, can you share an example OML with this behavior?

Regards,

Nordin

Nordin Ahdi wrote:

Are you redirecting from the Traditional Web App to the Reactive Web App and expect to stay logged in?

In that case SSO between App Types is only supported in Platform Server version 11.8.0 or above.

If this is not the case, can you share an example OML with this behavior?

Regards,

Nordin

No I'm not redirecting from Traditional to Reactive. I meant the same scenario works if creating Traditional application. 

Attaching the test oml.


In my case it is working fine Puja. 

I'm being logged in and redirected to the RequestDetail screen which is showing correctly. I tried with different users.


If the user does not have the SSO role, I'm getting the Invalid Permissions screen like expected.

Nordin Ahdi wrote:

In my case it is working fine Puja. 

I'm being logged in and redirected to the RequestDetail screen which is showing correctly. I tried with different users.


If the user does not have the SSO role, I'm getting the Invalid Permissions screen like expected.


Hi Nordin,

Did you used Outsystems basic login !! If yes, then it works as expected. But in my case, I'm using SAML 2.0 authentication, not sure if you already noticed it. Just wanted to confirm though.

Thank you.

Hi Puja,

Ok now it makes sense. So for SAML 2.0 it is a different story since for Reactive Web Apps, it is only supported with Platform Server 11.8.0 or above and you need to have the latest OutSystems UI Templates Reactive installed in your environment.

Please check out the pre-requisites in this documentation for more information.

Hope this helps.

Regards,

Nordin

Nordin Ahdi wrote:

Hi Puja,

Ok now it makes sense. So for SAML 2.0 it is a different story since for Reactive Web Apps, it is only supported with Platform Server 11.8.0 or above and you need to have the latest OutSystems UI Templates Reactive installed in your environment.

Please check out the pre-requisites in this documentation for more information.

Hope this helps.

Regards,

Nordin

Hi Nordin,

The Platform server version is compatible , i was just checking for the Outsystems UI Template Reactive. The template have also been updated in our development environment. And yes, I did have gone through the documentation and made changes accordingly. But still no luck. It doesn't seems to work.


Hi Puja,

I can see you made the changes to the flows accordingly, so I'm almost out of ideas here. 

So if your Platform Server version is 11.8.0 or above and SAML 2.0 is correctly configured in the Users application, only thing left to try is enabling the Single Sign-On Between App Types in Service Center and click Save and Apply Settings to the Factory. As this is also mentioned in the pre-requisites.


Nordin Ahdi wrote:

Hi Puja,

I can see you made the changes to the flows accordingly, so I'm almost out of ideas here. 

So if your Platform Server version is 11.8.0 or above and SAML 2.0 is correctly configured in the Users application, only thing left to try is enabling the Single Sign-On Between App Types in Service Center and click Save and Apply Settings to the Factory. As this is also mentioned in the pre-requisites.


Hi Nordin,

This property is also enabled in Service Center but still it did not worked.

Thank you.


Hi Puja,

Then I am officially out of ideas. 

I suggest you open a support case with OutSystems and have them troubleshoot your issue further. You can of course share the link to this post so they would know where our investigation came to an end.

Sorry I was not able to help you further.

Regards,

Nordin