Jump to content

Blank page when authentication request is redirected to Federation server


carlt

Recommended Posts

We have been using SSO in Hornbill for quite a while without issue but have recently started experiencing an issue that is at the moment seemingly only affecting a small number of users.

In internet Explorer when the user selects the Identity Provider (we have 4 SSO profiles) the page redirects to the Federation server with just a blank page. Only when the page is refreshed is the redirect to Hornbill initiated.

We have other applications that use Federation that apparently aren't experiencing the same issue.

Have you seen this before? Is it likely to be related to Hornbill, Internet Explorer or the Federation servers? 

Thanks

Carl

Link to comment
Share on other sites

Hello Carl,

Is it always the same users? is it always the same iDP? are there users on the same iDP that are not affected?

Once you select the SSO profile, the Hornbill server will re-direct the browser to the related Fed server.  The return redirect URL (that is the URL that the browser must go to after authentication is done on the Fed server) is returned to the browser by the Fed server, the browser then redirects to that URL which should be the Hornbill app,  in that part of the SSO process, Hornbill is out of the loop, its just the Fed Server and the Browser so either the URL that the Fed server is returning is invalid, or the web page/return HTTP headers served by the Fed server are wrong - or finally, the browser is being told to re-direct but for some reason (likely local settings) the browser is not doing the redirect correctly. Here is the wikipedia diagram that shows the SSO flow under SAML 2.0

image.png  

It is almost certainly related to the federation server or specific settings on the browsers in question.  Can you get one of the same users to try a different browser like Chrome or Firefox to see if you see the same thing?  If you do, then its probably the fed server, if not then its probably the local browser settings. 

 

Gerry

Link to comment
Share on other sites

Thanks for that @Gerry

The issue only came to light yesterday. It's not affecting everyone but with the users who are affected, it happens every time.

Chrome and Firefox are fine but they redirect to the Federation log in page as opposed to IE which (on the network) automatically authenticates with the Fed server.

I'll get our IE and Federation settings looked into 

Thanks

Carl 

Link to comment
Share on other sites

@carlt

That sounds very much like the browser or fed settings. even if the browser authenticates with the Fed Server it should still redirect, otherwise its not following the SAML protocol so there must be a setting or something, I am sure your network team will be able to solve the issue. 

 

Gerry

Link to comment
Share on other sites

  • Victor changed the title to Blank page when authentication request is redirected to Federation server
  • 2 weeks later...

We traced the issue to a Microsoft security update - if you have updated IE11 to version

Version: 11.09600.19101
Update Version: 11.0.75 (KB4343205)

See https://support.microsoft.com/en-gb/help/4343205/cumulative-security-update-for-internet-explorer, check out known issues section and fixes.

We are rolling out 2018-09 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 for x64-based systems (KB4457426) which has fixed this issue for us.

 

  • Thanks 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...