Jump to content

Help on login error


Alberto M
 Share

Recommended Posts

Hi.

I need some help on this situation.One of our users is having this error when trying to open Hornbill. We already checked the browser - Chrome - and updated it with the latest patches, cleared cache and data. The same user gets the same error in his old computer (the user was renovating his computer).

Some help needed, please.

 

Thanks

Alberto

image.png.a7c64a9ee8920f6340f7644089b63181.png

Link to comment
Share on other sites

@Alberto M is this only for one user, everyone else login fine? Looks to me that you are using SSO (this is an SSO specific error message) and for some reason there is a problem during SSO authentication. It needs some investigation by support and exchange of information that is not suited for forums. May I ask you to raise a support request in this regard please?

Link to comment
Share on other sites

@Alberto M

Just had a quick look at what this error means.  The user you mention is using SSO, and this error is reporting that the signed digital signature hash computed against the digital assertion provided by your identity provider does not match the expected has result.  So that leads to a number of questions. 

* Do you have more than one SSO profile in use on your instance?
* Are other users using the same profile? and if so, are they also having problems?

The error message suggests that the assertion your IDP (ADFS?) is issuing is corrupt or somehow invalid, you would need to talk to the admins of your identity provider/ADFS system 

Gerry

  • Like 1
Link to comment
Share on other sites

@Alberto M

In which case its very likely to be an issue with the ADFS server.  If its user specific, does that user have any strange Unicode characters in their login id, name, email or other such login related information, this can also sometimes lead to checksum errors as systems don't always deal with Unicode properly. 

Gerry

Link to comment
Share on other sites

@Alberto M

Ok please post back I am curious now to see if this is something we are not handling correctly, it could be if its down to the unicode characters and the codepages the XML is working in.  We assume utf-8 for the XML message (assertion) coming out of ADFS, which is pretty much the standard, but I would not be at all surprised if ADFS put out a different code-page or encoding (or could be configured to do so) which may not be valid, or which is valid but we are not handling correctly. will be interesting to know. 

Thanks

Gerry

Link to comment
Share on other sites

@Gerry

From our ADFS team:
"We have done certain changes to AD account that was created. The account included certain unicode values and we force replicated to Azure AD as well."

So, it seems that the account had unicode characters that have been replaced by non-unicode and now the user can login into Hornbill.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...