Adambingley Posted August 8, 2022 Posted August 8, 2022 Hi We have multiple email domains which means we have multiple IDP setups that log into Hornbill using SSO, however, when a specific idp is selected, we are correctly directed to log in via Google and provide MFA etc, however, instead of logging in, users are met with: Quote 403. That’s an error. Error: app_not_configured_for_user Service is not configured for this user. The certificates do not expire until 2024, and the ACS URL and Entity ID in Google match our other idp settings that are working... One thing to note, which could be related. When we go into SSO Profiles within Hornbill, there is the following message: Your SSO SAML Metadata Configuration needs to be updated, this can be done from the SSO Profiles page. Please see here for more details However, when we try to follow the instructions as advised by above and upload the METADATA via XML, Hornbill "hangs" at "Importing Data..." and never finishes? I'm aware we have had SSO since it was a PHP setup and our other "working" domains are still pointing at the php setup, unsure if this is related or not. One other thing is when you download the XML from the SSO profiles page you'll notice this has "BETA" in the URL? entityID="https://sso.hornbill.com/(ourinstance)/beta https://mdh-p01-api.hornbill.com/(ourinstance)/xmlmc/sso/saml2/authorize/user/beta Tried setting up from scratch, still no luck. Any help would be appriciated. Thanks Adam
TrevorHarris Posted August 8, 2022 Posted August 8, 2022 Apologies the metadata url seems incorrect, you should be able to access the correct metadata from:https://hhq-p01-api.hornbill.com/(instance)/xmlmc/sso/saml2/metadata/user/live You should import this metadata to your google SSO IDP, You will also need to click on the 'Update SAML Profile' button on your Google SSO Profile page in hornbill to update the metadata there. This should only be done after importing the metadata from the URL above. Thanks Trevor
Adambingley Posted August 8, 2022 Author Posted August 8, 2022 31 minutes ago, TrevorHarris said: Apologies the metadata url seems incorrect, you should be able to access the correct metadata from:https://hhq-p01-api.hornbill.com/(instance)/xmlmc/sso/saml2/metadata/user/live You should import this metadata to your google SSO IDP, You will also need to click on the 'Update SAML Profile' button on your Google SSO Profile page in hornbill to update the metadata there. This should only be done after importing the metadata from the URL above. Thanks Trevor HI Trevor, Thanks for your response, I have updated the URL. However, when I try to update the metadata by posting the XML, Hornbill just hangs at "Importing Data..." with a spinning hornbill logo...
Adambingley Posted August 8, 2022 Author Posted August 8, 2022 HI Trevor, Thanks for your response, I have updated the URL. However, when I try to update the metadata by posting the XML, Hornbill just hangs at "Importing Data..." with a spinning hornbill logo... Further to this, when I try to log in, I get a new error: Unable to load framework Show DetailsTypeError: Cannot read properties of undefined (reading 'modules') at runAppModules (https://live.hornbill.com/(INSTANCENAME)/app/esp.bootstrap.js?rel=1710_2:370:63) at https://live.hornbill.com/(INSTANCENAME)/app/esp.bootstrap.js?rel=1710_2:456:12 Thanks Adam
Victor Posted August 8, 2022 Posted August 8, 2022 @Adambingley I think the Update not working was a defect confirmed by development. We have a fix ready, afaik it will be included in the next Core UI update.
Adambingley Posted August 9, 2022 Author Posted August 9, 2022 13 hours ago, Victor said: @Adambingley I think the Update not working was a defect confirmed by development. We have a fix ready, afaik it will be included in the next Core UI update. Thanks - Do you have any ETA on that?
TrevorHarris Posted August 9, 2022 Posted August 9, 2022 Hi @Adambingley Could you check the roles you have for the user you're logging in as the Unable to Load Framework Error suggests the user could login but doesn't have sufficient access? We hope to be able release core ui later this week Thanks Trevor 1
Adambingley Posted August 9, 2022 Author Posted August 9, 2022 6 hours ago, TrevorHarris said: Hi @Adambingley Could you check the roles you have for the user you're logging in as the Unable to Load Framework Error suggests the user could login but doesn't have sufficient access? We hope to be able release core ui later this week Thanks Trevor Thanks - I set up a test user on this domain to do the testing, working as expected again for other users. The point was that the Entity ID and ACS URL was pointing to a BETA address, changed the link provided from BETA to LIVE and it worked. Will wait for the META data upload fix before we do the other domains as they appear to remain working at this point in time. Thank you for your assistance.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now