Jump to content

Search the Community

Showing results for tags 'sso'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Hornbill Platform and Applications
    • OpenForWork
    • Announcements
    • Blog Article Discussions
    • General Non-Product Discussions
    • Application Beta Program
    • Collaboration
    • Employee Portal
    • Service Manager
    • IT Operations Management
    • Project Manager
    • Supplier Manager
    • Customer Manager
    • Document Manager
    • Timesheet Manager
    • Live Chat
    • Board Manager
    • Mobile Apps
    • System Administration
    • Integration Connectors, API & Webhooks
    • Performance Analytics
    • Hornbill Switch On & Implementation Questions
    • GRC Manager
  • About the Forum
    • Announcements
    • Suggestions and Feedback
    • Problems and Questions
  • Gamers Club's Games
  • Gamers Club's LFT

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Website URL





Found 21 results

  1. Hi We have multiple email domains which means we have multiple IDP setups that log into Hornbill using SSO, however, when a specific idp is selected, we are correctly directed to log in via Google and provide MFA etc, however, instead of logging in, users are met with: The certificates do not expire until 2024, and the ACS URL and Entity ID in Google match our other idp settings that are working... One thing to note, which could be related. When we go into SSO Profiles within Hornbill, there is the following message: Your SSO SAML Metadata Configuration needs to be updated, this can be done from the SSO Profiles page. Please see here for more details However, when we try to follow the instructions as advised by above and upload the METADATA via XML, Hornbill "hangs" at "Importing Data..." and never finishes? I'm aware we have had SSO since it was a PHP setup and our other "working" domains are still pointing at the php setup, unsure if this is related or not. One other thing is when you download the XML from the SSO profiles page you'll notice this has "BETA" in the URL? entityID="https://sso.hornbill.com/(ourinstance)/beta https://mdh-p01-api.hornbill.com/(ourinstance)/xmlmc/sso/saml2/authorize/user/beta Tried setting up from scratch, still no luck. Any help would be appriciated. Thanks Adam
  2. We have a single SSO profile configured for Azure AD. In Azure AD we have 3 Apps for Hornbill SSO (Admin, User, & service) all configured for https://*.hornbill.com/*?metadata=hornbill|ISV9.2|primary|z. We would like to enable "Auto Update Certificates" in the Hornbill SSO profile however, there is only one configuration for metadata URL. We would need 3 of these for 3 Azure app instances (each one contains the signing certs thumbprint for the instance). Could this be added? In the case of Azure AD the base URL for the metadata is always the same https://login.microsoftonline.com/TENANT_ID/federationmetadata/2007-06/federationmetadata.xml and a parameter on the end of the URL ?appid=APPID_GUID is used to select the correct metadata. @Gerry support mentioned you might be best to help on this
  3. We seem to be experiencing an issue after lunch today, for those users who had logged out over lunch and then attempting to sign back in with single sign on in Chrome. Those of us who did not logout over lunchtime have continued to work unaffected. If they switch Brower to MS Edge they are able to login fine. Basically after completing the SSO authentication they are just returned to the sign page again where they started, with no errors reported at all. I am able to replicate it when attempting to open a new session in incognito window in Chrome, whilst still having my original connection from this morning open on my main Chrome session. Not sure if this is specific to us or something related to the recent updates today. Cheers Martyn
  4. Hi, When you click "Login in with single sign on", the redirection to our SSO provider (Azure AD) happens then returns you back to the login page, on the second attempt to login with SSO, it works fine. Azure Redirect URIs; https://admin.hornbill.com/wcc/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml https://customer.hornbill.com/wcc/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml https://service.hornbill.com/wcc/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml https://mcatalog.hornbill.com/wcc/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml https://live.hornbill.com/wcc/lib/saml/auth/simplesaml/module.php/samlEspProxy/sp/saml2-acs.php/saml Have we misconfigured something?
  5. @TrevorHarris When accessing the new 'Manage Login' option in the Admin tool to configure the new SSO screen, the drop down for selecting the 'Default Identity Provider for Single Signon' is not being populated on our instance so we are not able to set a default. Cheers Martyn
  6. Good Afternoon, I know SSO might be a hot topic at the moment with the changes made in the last update, we were actually waiting for this change in order to make a smoother transition to using a Azure SSO profile. Unfortunately it doesn't seem to be working and I was hoping for some advice on where to look for possible causes. We have checked on Azure and the login request shows as a success so it appears that its failing when passing the request back to Hornbill. All I get is a message on the Hornbill login page saying 'unable to validate user credentials'... Any advice or guidance would be appreciated. Thanks, Daniel.
  7. Hi all, Does anyone have any experience using multiple domains and SSO with Service Manager? We currently have 3 domains in our business, 1 group domain and 2 child company domains. Obviously as our AD structures are separate I will have to set up the LDAP import across all three domains. However we are a little unsure as to how to configure our ADFS server to deal with the three domains. As we are moving towards our Hornbill portal being the one stop shop for all things and I am currently in the process of adding HR, Finance, Procurement and in the future, Facilities on to the portal, users from multiple business units will need access to the portal to raise requests. I don't really want to go down the Citrix route (which is what I have had to do as a stop gap for the time being) as it is quite messy / slow / labour intensive. We share a common intranet so the link to the portal is available to all but as we have not configured ADFS the SSO will not authenticate users from outside our group domain. Any help / guidance anyone can provide will be greatly appreciated. Thanks Dan
  8. Hi, I am in the process of trying to get everything ready to go live with Hornbill. I am using Azure AD for single sign on which works for logging into live.hornbill.com/instanceid & admin.hornbill.com/instanceid (when I remember to put users in correct group :|) however I am having issues logging into service.hornbill.com/instanceid If I am already logged into either admin.hornbill.com/instanceid or live.hornbill.com/instanceid, and I open a new tab to go to service.hornbill.com/instanceid, it logs me straight through and works fine. If however, I have no open tabs for either admin.hornbill.com/instanceid or live.hornbill.com/instanceid, when I go to log into service.hornbill.com/instanceid I get a Microsoft error message saying AADSTS700016: Application with identifier 'https://service.hornbill.com/instanceid/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml' was not found in the directory 'azure tenant id here'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant. I close down the tab, log into live.hornbill.com/instanceid, and then open a new tab for service.hornbill.com/instanceid, and it logs me straight in. I have tried multiple accounts in multiple browsers. I have tried Basic and User types, and made sure that they each have the appropriate roles for each type. It seems to be an Azure AD issue but I do not know where to look. When I run the "Test single sign-on with Hornbill - user" from within the "Hornbill - user - SAML-based Sign-on" section of Azure it works (although it does take me through to live.hornbill.com/instanceid) What am I missing? Any help would be much appreciated. Thanks James
  9. Morning all, We are in the process of following the steps provided pre-switch on to bring our AD into Hornbill, but have got to the point whereby we require a sign in URL and Identifyer, Who would we need to speak to in order to get this as presumably it will be unique and i need to get this ASAP Regards Alex
  10. Hello, I would like Hornbill as a development piece to work with Microsoft setting up there single sign install to be placed in the Azure marketplace. The reasons for this as followed - Easy setup of single sign on for azure users - Decreased cost for companies - This is a big one for us as currently not all users have a licence that allows them Azure premium attached them, this is as we have different sites with different licence models. Azure premium is need for users to use single sign on with azure AD if the service is not in the marketplace. If you are in the market place this is not needed I understand the above is our issue in essence but I also feel that it would be a good move for Hornbill showing that they are flexible with a range of technologies Please could this request be taken under consideration ( I know this is not a 5mins fix ) Cheers Gareth
  11. Afternoon all, Wonder if i can grab some advice, we are currently tryingn to implement our SSO profiles for the Self service portal. We are coming accross a issue where it direct the portal but does not sign users into it Here is a screenshot of our profile. we are using another piece of software (Centrify) as our source atm. so for example, Someone logs on to the centrify app or centrify webpage and then every app on that webpage is SSO from this point as AD credentials have already been supplied. Here is a screen shot of our SSO Profile: As far as i can see i have completed it to the instructionsn on the wiki page. We have done the same at the centrify end (just FYI) But the result we are getting is as follows: Does anyone have any ideas/advice in regards to this. Thanks Hayley.
  12. Hi All, We are having a slight issue with an undetermined number of users, Our userbase has a large number of contracts included that will all have different email addresses, when doing our LDAP import it is picking up from the Users Email Address within Active Directory. The problem with this is that it may not match the e-mail address they are sending from. Is there anyway for us to map the primary SMTP within AD to the Email field within Hornbill? Thank you in advance for any help.
  13. I have noticed that a new switch has appears since I last checked our SSO profile settings (some time ago) with the title of Validate Audience, which appears to be disabled by default. I could not find a reference to it in the wiki, so can someone explain what this does? Cheers Martyn
  14. Hi, Many of my colleagues and users / customers are reporting a strange behaviour on the service portal. When they click on the link that redirects then to our service portal (https://service.hornbill.com/XXX/servicemanager/request/view/SR00053013 for example), they get redirected to the login page. When they click on the login link, SSO kicks in and they authenticate ok. However, they then arrive on the landing page and many users do not even understand they need to go onto the "My Request" tab... Anyway, is this a new issue? Are you aware of a similar issue from other customers?
  15. Hi All, We use single sign-on to access Hornbill from our internet portal (which is how all of our users access all their web based system). Is there anyone of redirecting a user a user back to the portal when they logout? At the moment they are left at the Hornbill logout page. Many thanks, Darren
  16. The Single Sign On (SSO) validate certificate appears to be using the wrong date when checking if the imported certificate is still valid. We have had issues logging in hornbill this morning due to system triggering that the trust certificate is expired. However, exporting the certificate from Hornbill and viewing it in certificate viewing it has not yet expired; In our case 23rd November 2017 @ 07:36. By temporarily disabling the validation users where then able to get in, so therefore it seems the platform is expiring the certificate 15 days ahead of time. Is there a reason for this? Cheers Martyn
  17. HI, I was just wondering if there is a maximum number of SSO profiles that can be configured? We currently use SSO for our domain, but we may potentially have 160+ additional domains that will need to authenticate. With this number being quite high I am just exploring different options and wondered if this number was feasible? thanks lee
  18. We've successfully implemented SSO for our instance but unless we're missing something it is either on or off for all sites - live, admin, service & customer. Our 250+ customers will only ever access Service Manager (via service.hornbill.com) from within our corporate network so single sign-on using ADFS is ideal and this works as expected. However, our analysts will access the live site from anywhere, both inside and outside the network. What we'd ideally like to do is enable SSO for service.hornbill.com but use password authentication for live.hornbill.com. Although we can create separate SSO profiles for each site, SSO seems to be either completely on for all or off for all. We found an single historical forum post suggesting this is true but is this interpretation correct? If so, is there anything in the change pipeline to allow differential site authentication?
  19. Good morning, I am posting this on behalf of my colleague jonnutt who has registered to the forums but still pending registration.
  20. We are implementing single sign on using ADFS/SAML and pre-creating our users via the LDAP Import tool. Therefore the Hornbill platform will not contain a password in essence for any of our users. As I understand it at the moment the mobile app needs a Hornbill password to connect, rather than using the SSO process. If as user logs into the application via SSO and then uses the change password option in their profile, will this suffice for them connecting via the Mobile App? Cheers Martyn
  21. We're working with our domain admins regarding setting up SSO with our corporate network AD. They've asked if Hornbill signs the SAML requests that our domain would send. If so, how is this done? Thanks, James
  • Create New...