Cannot Save changes to a SSO Profile

[RIaz Ashruf]

Updated our ADFS decrypting certficate and updated Hornbill. When saving the profile it error asking for the Entity ID.

Cannot find this on the Wiki.

I tried using this https://service.hornbill.com/<portalname>/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml but still does not work.

 

I get the option to pick a profile when login, which is new, then ADFS login page and then I see this error message.

 

The specified SSO profile [] could not be found

Please contact you system administrator or click here to try again

 

 

[Hornbill Staff DR]

Hi Riaz,
 it was great to speak with you this morning and assist with the above. I'll summarise some key configuration for the benefit of others who may come across this thread.

In the context of a SSO Profile in Hornbill, the entityID contains the URL related to your identity provider (IDP), e.g. ADFS, where users are sent for authentication. In theory, we should never have to know the value for entityID because it's contained in the metadata (generated from the configuration in the IDP) which is uploaded into the Hornbill SSO profile to populate the required fields.

The reason why the SSO Profile may not have saved is because another SSO Profile already existed with that EntityID specified. Only one Hornbill SSO profile is required per identity provider.

When updating new certificate information, the new metadata should be uploaded into an existing SSO Profile. In this situation, you will see the new certificate appended in the certificates section and be able to save these changes.

Dan

[Hornbill Staff DR]

@RIaz Ashruf,

 further to my above post, we've identified an issue with the validation when saving changes to an existing SSO Profile. It appears to erroneously conclude that the entityID already exists, even if you only have one SSO Profile configured, almost as if it's validating against itself when you hit the save button.

I think the situation reported in your original post were a result of further configuration you'd made to try and overcome the issue, which meant I made some incorrect assumptions.

I can confirm that development are on the case to correct the validation logic and will release a fix in due course. The current workaround, as we performed together, is to delete the SSO Profile and create a completely new one as the validation logic performed on creation is working as expected, its just updating existing profiles where we have this problem.

Dan

[Hornbill Staff DR]

The fix for the validation issue which prevents saving of changes to an existing SSO profile will be available in platform build 3381 and above.