Gary@ADL Posted August 11, 2021 Share Posted August 11, 2021 Hi Guys - we are trying to configure our SSO to work with O365, we have followed the instructions, but are getting an error as below, which looks like its expecting the sso.hornbill.com URL as an identifier, but the 'Patterns' suggestion against the app says nothing about this? if we add in SSO.*** as per the pattern (https://<SUBDOMAIN>.hornbill.com/<INSTANCE_NAME>), it prompts for a sign in, and an MFA prompt, but then gives an error message about the reply URL not matching (3rd picture) anyone got any ideas please? we are not sure if our identifiers are incorrect? or if something else is amiss - many thanks Link to comment Share on other sites More sharing options...
Gary@ADL Posted September 2, 2021 Author Share Posted September 2, 2021 hi guys - anyone able to shed any light on this one by chance? thanks Link to comment Share on other sites More sharing options...
TrevorHarris Posted September 3, 2021 Share Posted September 3, 2021 Hi @Gary@ADL Sorry we missed this, we are currently trying to update the documentation with Microsoft as the details there are out of date. The metadata is available to download in the admin tool under System > Security > SSO Profiles but I don't think its possible import this in O365, the pattern for the entity Id and Reply Url is as follows. Entity Id: https://sso.hornbill.com/[INSTANCE NAME]/[STREAM] Reply Url: https://[API DOMAIN].hornbill.com/[INSTANCE NAME]/xmlmc/sso/saml2/authorize/user/[STREAM] So for example in your case this would be:https://sso.hornbill.com/alexanderdennis/livehttps://mdh-p01-api.hornbill.com/alexanderdennis/xmlmc/sso/saml2/authorize/user/live Thanks Trevor Link to comment Share on other sites More sharing options...
Gary@ADL Posted September 8, 2021 Author Share Posted September 8, 2021 hi @TrevorHarris - many thanks for your reply we tried this and got a little further, but we are now receiving the below error message, if you could assist please - thanks Link to comment Share on other sites More sharing options...
TrevorHarris Posted September 9, 2021 Share Posted September 9, 2021 Hi This means the Id your identity provider is sending doesn't match any user Ids in Hornbill, either the user doesn't have an account or the wrong identifier is being sent. More info about this problem here https://wiki.hornbill.com/index.php?title=Troubleshooting_Single_Sign_On Thanks Trevor Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now