Jump to content

Force remote authentication override

Dan Munns

Recommended Posts

Hi all, 

I have a few users who are logging on to Service Manager from within the group but dont have AD credentials (so SSO wont work) on our domain. 

They are looking at using Azure to authenticate (as we do) but they wont be ready for that for a number of months and I need a way to do this now. 

The setting 'Force remote authentication override' in the users account fails to set when used so I have two questions:

1. Does this work at all or has it been turned off somewhere (setting maybe I need to set)

2. Will this allow them to navigate to a logon page using the normal URL rather than have to use the admin.hornbill url as a backdoor (which I dont really want to do if I can help it)



Link to comment
Share on other sites

Yeah, I was hoping the setting I was given, would just allow the URL to work in the first place (if used) and then I could force some accounts to only authenticate with credentials.
Everyone else uses or SSO.

Tried adding the SSO profile name to the url to force SSO for everyone else, but that didnt seem to work either. 

Link to comment
Share on other sites

Ok, so don't use Force remote authentication override. Does not work and will be removed. The only option to sort of gracefully bypassing SSO is the guest.anonymous.saml.guest.allowhornbilllogin. IIrc there is an option to set a preference when used first time so it should not ask more than once. I'll update our documentation with the following:

It is possible to allow users and customers to choose whether to login via SSO or via the standard Hornbill login screen, this can be done with the following settings:

  • guest.anonymous.saml.user.allowhornbilllogin this will allow users/co-workers/internal users to choose the authentication method
  • guest.anonymous.saml.guest.allowhornbilllogin this will allow customers/contacts/external users to choose the authentication method
  • If these settings are enabled the user will be presented with a screen allowing them to select their identity provider, either one of the configured SAML options or Hornbill. You can rename the Hornbill option with the guest.anonymous.saml.hornbilllogin.name setting
Link to comment
Share on other sites

Hi @Victor the issue I have is the we dont allow browser cookies and all browser history is cleared when the broswer is closed so it asks everytime. 

I will have a look more into adding the entiyid to the url and see if I can get that to work with direct links, then find all the Hornbill links on our sharepoint and add the correct urls I guess.

Either that or I will leave them with the bypass url for admin.hornbill and tell them to sort out Azure so they can use SSO and it wont be a pain....

Oh the joys I have no doubt got in store..... :D

  • Sad 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...