Can only log into services if I have already logged into live

[James Gallally]

Hi,

I am in the process of trying to get everything ready to go live with Hornbill. I am using Azure AD for single sign on which works for logging into live.hornbill.com/instanceid & admin.hornbill.com/instanceid (when I remember to put users in correct group :|) however I am having issues logging into service.hornbill.com/instanceid

If I am already logged into either admin.hornbill.com/instanceid or live.hornbill.com/instanceid, and I open a new tab to go to service.hornbill.com/instanceid, it logs me straight through and works fine. If however, I have no open tabs for either admin.hornbill.com/instanceid or live.hornbill.com/instanceid, when I go to log into service.hornbill.com/instanceid I get a Microsoft error message saying 

AADSTS700016: Application with identifier 'https://service.hornbill.com/instanceid/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml' was not found in the directory 'azure tenant id here'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

I close down the tab, log into live.hornbill.com/instanceid, and then open a new tab for service.hornbill.com/instanceid, and it logs me straight in.

I have tried multiple accounts in multiple browsers. I have tried Basic and User types, and made sure that they each have the appropriate roles for each type.

It seems to be an Azure AD issue but I do not know where to look. When I run the "Test single sign-on with Hornbill - user" from within the "Hornbill - user - SAML-based Sign-on" section of Azure it works (although it does take me through to live.hornbill.com/instanceid)

What am I missing?

Any help would be much appreciated.

Thanks

James

[TrevorHarris]

Hi @James Gallally

Its sounds like you have not configured Azure to authenticate the service portal, you will need to create a new SAML profile on Azure using the metadata for the Service Portal, this can be downloaded from the admin tool under System > Security > SSO Profiles by clicking the Service button as shown in the screenshot.

The process for importing this to Azure will be the same as the user metadata which you've already setup, but you will need to consult the Azure documentation for that.

More details can be found here: https://wiki.hornbill.com/index.php/Single_Sign_On_with_SAML_2.0

Hope this helps

Thanks

Trevor H

 

[James Gallally]

Hi @TrevorHarris

Thanks for that, I assumed it was something like that. I've just read the wiki page again and see the following:

"SERVICE - contains information for https://service.hornbill.com/[your instance name]
This is the URL relating to the Hornbill Service Portal and is due to be retired during 2020. All new implementations of Hornbill do not require this."

I have been playing around with just using live.horbbill.com/instance for all my customers (they are all internal) but was recently advised that I should be using service.hornbill.com - is there any indication of when this will be retired and how its function will be replaced?

Thanks

James

 

[TrevorHarris]

I beleive the service.hornbill.com will be replaced by the Employee Portal in the summer of 2020.

You can get an overview of the Employee Portal here: