Giuseppe Iannacone Posted September 21, 2020 Share Posted September 21, 2020 Probably this was already said before, but I should have lost it. is there a way to customize the landing page for the new SSO method? Link to comment Share on other sites More sharing options...
TrevorHarris Posted September 21, 2020 Share Posted September 21, 2020 @Giuseppe Iannacone You can customise this page in the admin tool under System > Manage Portals > Manage Login You can change the main splash image and also add a footer there Thanks Trevor Link to comment Share on other sites More sharing options...
themingsen Posted September 22, 2020 Share Posted September 22, 2020 Are we able to revert to the old way of passthrough authentication with Integrated Windows Authentication? 1 Link to comment Share on other sites More sharing options...
TrevorHarris Posted September 23, 2020 Share Posted September 23, 2020 @themingsen The passthrough authentication is not done in Hornbill but on your Single Sign On identitiy provider, clicking on the Log In With Single Sign On button will allow you to sign on using the identity provider. If it was configured with passthrough authentication that will still work in the same way. Thanks Trevor Link to comment Share on other sites More sharing options...
lee mcdermott Posted September 23, 2020 Share Posted September 23, 2020 @TrevorHarris is there any way to turn this off so you are not prompted to select an option everyday you log in? we use SSO and by accessing the Live URl used to just log you in, now it is a little frustrating that you have to select the same SSO option every day to log in. thanks lee Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 23, 2020 Author Share Posted September 23, 2020 2 hours ago, TrevorHarris said: If it was configured with passthrough authentication that will still work in the same way. @TrevorHarris can you explain better? this mean that has to be adjusted on Hornbill side or in ADFS side? Link to comment Share on other sites More sharing options...
TrevorHarris Posted September 23, 2020 Share Posted September 23, 2020 @lee mcdermott No, this can't be turned off, a fuller explaination of this change can be found here: @Giuseppe Iannacone The Pass through authentication is a feature of the ADFS server that you use to login so it needs to be configured there, it is not part of Hornbill. Thanks Trevor 1 Link to comment Share on other sites More sharing options...
themingsen Posted September 23, 2020 Share Posted September 23, 2020 So to be clear, there is no way to go back and have us automatically login without clicking the link? I am getting a lot of push back from above on this and have been tasked with seeing if we can go back to how it was before the 22nd. Thanks Link to comment Share on other sites More sharing options...
Dan Munns Posted September 24, 2020 Share Posted September 24, 2020 I agree with @themingsen. All of our SSO is completely transparent to the user. I have had a lot of questions raised about this. 2 Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 24, 2020 Author Share Posted September 24, 2020 @themingsen @Dan Munns from what I understood from @TrevorHarris the SSO passthrough option has to be configured on our side (ADFS in my case) and not on the Hornbill side. How it could be done I don't know, but I'm in touch with our SSO expert... as far I discover something I will let you know. Link to comment Share on other sites More sharing options...
Dan Munns Posted September 24, 2020 Share Posted September 24, 2020 SSO passthrough wont bypass the Hornbill splash screen from what I know. We use Azure for SSO and when the user is in an office SSO used to be completely transparent. If they are logging in from home, the first time they will get the Azure splash screen to complete 2FA, they can then set Azure to remember this location and wont get it again. It seems that now they get the Hornbill splash screen which sometimes triggers the Azure splash screen even if they have set 'remember me' previously, although they dont have to complete the 2FA again. Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 24, 2020 Author Share Posted September 24, 2020 @Dan Munns I see your point and it's not 100% clear to me to, but I'm not an expert. What my mind is suggesting me is: I made no changes on SSO-ADFS, what is changed in on Hornbill side, there's something to adjust there. At this point we need some explanation from you guys in Hornbill. Thank you! Link to comment Share on other sites More sharing options...
Fabrizio Spinelli Posted September 24, 2020 Share Posted September 24, 2020 @TrevorHarris I do agree with previous comments. We (I work with @Giuseppe Iannacone )have passthrough enabled in our ADFS instance. Namely the flag IntranetUseLocalClaimsProvider is set up to true, so ADFS is instructed to automatically leverage ActiveDirectory as identity provider for logins whnenever the user is connected in intanet network) In this topic https://community.hornbill.com/topic/19082-important-sso-login-changes-coming/ there's explicit indication of the fact all users will see the 'splash' screen. Your landing webpage is set up to trigger the SAML challenge to the configured IDP only after explicit choice from the user. This is NOT something configurable in ADFS or in other IDP, this is how you implemented the SSO flow . Do you have any feedback on this? Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 24, 2020 Author Share Posted September 24, 2020 @Victor can you help us? maybe @TrevorHarris is busy or out of office?!? Link to comment Share on other sites More sharing options...
Dan Munns Posted September 24, 2020 Share Posted September 24, 2020 Could Hornbill not set this to auto navigate to the splash screen page if SSO fails rather than every single time? Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 24, 2020 Author Share Posted September 24, 2020 +1 for the suggestion made by @Dan Munns Link to comment Share on other sites More sharing options...
HGrigsby Posted September 24, 2020 Share Posted September 24, 2020 Hi I have to say that I am also getting a lot of negative feedback from the users about the new button. I looked at customising the home page to at least make it fit our branding, but when I changed the image the button disappeared and then an ID and password box appeared and you have to then log in, which is definitely worse. So glad I did it on our test instance and not the live one as even having used the "reset to default" it doesn't give me the button back and only leaves the login boxes. Helen Link to comment Share on other sites More sharing options...
Victor Posted September 25, 2020 Share Posted September 25, 2020 @all I know that having IWA configured for certain relying party trusts allows users to login without having to input any credentials given they are already authenticated in the network. However the new HB login screen will be displayed even if you have IWA configured as such. It won't require any credentials to be typed in by the user but it will require the user to choose one of the login options which would be usually "Login with SSO". Why it implemented like this? As mentioned in @Gerry announcement there are several functions that did not work quite well with the previous login mechanism (the list is detailed in the post). Also, the new login system allows the implementation of future functionality around login which was not possible with the previous login system. However, I am no expert in this functionality and the underlying code so I cannot say in detail why we implemented it as such. If you have any further queries, questions or suggestions these will have to be answered by product managers and developers. Link to comment Share on other sites More sharing options...
Giuseppe Iannacone Posted September 28, 2020 Author Share Posted September 28, 2020 @Victor can you please mention in this post a product manager and/or a developer that can provide us a feedback on the topic? thank you. Link to comment Share on other sites More sharing options...
HHH Posted September 28, 2020 Share Posted September 28, 2020 Would it be possible to just have a checkbox "Remember my choice" and then drop a cookie with whatever login type is to be used? 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now