SAML | Skip login page | Login directly with SAML | Query to enable AD or Local Auth during SAML issues

Issue:

When users have AD and/or local authentication enabled along with SAML, clicking a link from an email shows the login page, and users need to click "Login with SAML" again.

Workaround 1:

You can bookmark <sdp_url>/SamlRequestServlet and open it to log in directly via SAML.
Limitation of workaround 1: When a link is clicked from an email, SAML login will not happen directly; the login page will be shown.

Workaround 2:

  1. You can disable AD Authentication and Local Authentication and have SAML as the only mode of authentication.
    1. To disable AD Authentication, go to Admin -> Active Directory -> Enable Active Directory -> Disable
    2. To disable local authentication, go to Admin -> Advanced Portal Settings (or Application Settings under ESM directory) -> Allow user login based on local authentication -> Disable
  2. Now SAML login will be attempted without showing the login page.
  3. When there is a SAML error, local authentication will be allowed automatically in that browser instance from 14304.
Info: SD-110962 : Users are allowed to log in via local authentication when SAML authentication fails, even if SAML is configured as the only mode of authentication.
Limitation of workaround 2: When there is an issue with SAML and the local auth password is not known, you need to reset the local auth password or enable AD authentication (if it was configured).

Queries to enable Local / AD Authentication:


For enabling local auth:
update globalconfig set paramvalue='true' where parameter='Enable_LocalAuthentication_Login';

For enabling AD Auth:
update sdpamconf set pammodule_id = AAAPAMMODULE.pammodule_id from AAAPAMMODULE where AAAPAMMODULE.name = 'SDRelationalLoginModule';
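
Because both queries write directly to authentication settings, it helps to record the current state and confirm the result inside a transaction. The following is an added example, not part of the original article or the vendor's documentation; it assumes a PostgreSQL database and uses only the table and column names that appear in the two queries above.

```sql
-- Added example: assumes PostgreSQL; run in the ServiceDesk Plus database.
BEGIN;

-- 1. Record the current local-auth setting so it can be restored later.
SELECT parameter, paramvalue
  FROM globalconfig
 WHERE parameter = 'Enable_LocalAuthentication_Login';

-- 2. Enable local authentication (query from the article).
UPDATE globalconfig
   SET paramvalue = 'true'
 WHERE parameter = 'Enable_LocalAuthentication_Login';

-- 3. Record which login module sdpamconf currently points to.
SELECT s.pammodule_id, m.name
  FROM sdpamconf s
  LEFT JOIN AAAPAMMODULE m ON m.pammodule_id = s.pammodule_id;

-- 4. The AD query copies pammodule_id from the row named
--    'SDRelationalLoginModule'. Expect exactly one row here:
--    with zero rows the UPDATE changes nothing, and with more than one
--    the value that gets written is not predictable.
SELECT pammodule_id, name
  FROM AAAPAMMODULE
 WHERE name = 'SDRelationalLoginModule';

-- 5. Enable AD authentication (query from the article).
UPDATE sdpamconf
   SET pammodule_id = AAAPAMMODULE.pammodule_id
  FROM AAAPAMMODULE
 WHERE AAAPAMMODULE.name = 'SDRelationalLoginModule';

-- 6. Confirm both changes before making them permanent.
SELECT parameter, paramvalue
  FROM globalconfig
 WHERE parameter = 'Enable_LocalAuthentication_Login';

SELECT s.pammodule_id, m.name
  FROM sdpamconf s
  LEFT JOIN AAAPAMMODULE m ON m.pammodule_id = s.pammodule_id;

-- COMMIT if the output of step 6 is as expected; otherwise ROLLBACK.
COMMIT;
```

Keep the output of steps 1 and 3 with the change record so the previous authentication mode can be restored once SAML is working again.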
