SAML | Skip login page | Login directly with SAML | Query to enable AD or Local Auth during SAML issues

Issue:

When users have AD and/or local authentication enabled along with SAML, the login page is shown when a link from an email is clicked, and users need to click "Login with SAML" again.

Workaround 1:

You can bookmark <sdp_url>/SamlRequestServlet and access it to log in directly via SAML.
Limitation of workaround 1: When a link is clicked from an email, SAML login will not happen directly; the login page will be shown instead.

Workaround 2:

  1. You can disable AD Authentication and Local Authentication and have SAML as the only mode of authentication.
    1. To disable AD Authentication, go to Admin -> Active Directory -> Enable Active Directory -> Disable
    2. To disable local authentication, go to Admin -> Advanced Portal Settings (or Application Settings under ESM directory) -> Allow user login based on local authentication -> Disable
  2. Now SAML login will be attempted without showing the login page.
  3. When there is a SAML error, local authentication will be allowed automatically in that browser instance from 14304.
Info: SD-110962: Users are allowed to log in via local authentication when SAML authentication fails, even if SAML is configured as the only mode of authentication.
Limitation of workaround 2: When there is an issue with SAML and the local authentication password is not known, you need to reset the local authentication password or enable AD authentication (if it was configured).

Queries to enable Local / AD Authentication:


For enabling local auth:
update globalconfig set paramvalue='true' where parameter='Enable_LocalAuthentication_Login';

For enabling AD Auth:
update sdpamconf set pammodule_id = AAAPAMMODULE.pammodule_id from AAAPAMMODULE where AAAPAMMODULE.name = 'SDRelationalLoginModule';

