Jump to content

Unable to access instance


PSG
 Share

Recommended Posts

From this morning we get an error (below) when trying to access our instance.

We use adfs authentication however nothing has changed from 'our side'.

Everything was okay yesterday.

We updated to the current version of Service Manager (979) yesterday.

The instance is available as i can login with the admin account.

Please can someone look at this ASAP as we need the service live for Monday morning.

I contacted the cloud support number who suggested raising it on here.

Regards,

Jamie

IN00068614.PNG

Link to comment
Share on other sites

Thanks @James Ainsworthit looks like our signing and decrypting certs were renewed on the 4th June. It appears coincidental that after exactly 5 days it's stopped working. Do we have to update anything in Hornbill if either of those certs change?"

Link to comment
Share on other sites

@PSG

Jamie,

I would hope that the actual error message we display was self-explanatory, if you can make any suggestion as to how we could improve this message further I would appreciate that. 

ADFS can (and often is because its the default option) be configured to auto renew certificates annually, it will re-generate them and the previous ones will expire, as a general rule there will be a grace period set where both the new and old certificates are valid, it sounds like in your case that is 5 days. From your above comments you knew about the certs being updated but I guess you were not aware that you would need to update Hornbill with your certs.

All you need do it go into your SSO Profile  (Admin Home -> System -> Security -> SSO Profiles) and update the affected SSO Profile with the refreshed certificate and your all set.  Here are a couple of useful links. 

https://wiki.hornbill.com/index.php/Single_Sign_On_with_SAML_2.0
https://wiki.hornbill.com/index.php/SSO_Example_Config_Microsoft_ADFS_2.0_for_User_Accounts

You should also speak with your security/ADFS team, they can always set the certificates on your ADFS server not to expire, or to auto renew less frequently which is another option.  Its hard to be specific because each company has different views and policies, and of course different systems, ADFS is one of many Identify providers we support for SAML 2.0.

If your certs are going to renew I would strongly suggest changing your process so when you are notified of such changes you have a task set to update the SSO Profile in Hornbill during the grace window set on you ADFS deployment


Gerry

Link to comment
Share on other sites

HI @Gerry, thanks for the update - the relevant team have applied the valid key and all is working again.

Thanks again for your quick responses and help.

 

Regards,

Jamie

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...