Jump to content

Recommended Posts

Posted

Hi 

We have multiple email domains which means we have multiple IDP setups that log into Hornbill using SSO, however, when a specific idp is selected, we are correctly directed to log in via Google and provide MFA etc, however, instead of logging in, users are met with: 

Quote

 

403. That’s an error.

Error: app_not_configured_for_user

Service is not configured for this user.

 

 

The certificates do not expire until 2024, and the ACS URL and Entity ID in Google match our other idp settings that are working...

One thing to note, which could be related.

When we go into SSO Profiles within Hornbill, there is the following message:
 

Your SSO SAML Metadata Configuration needs to be updated, this can be done from the SSO Profiles page. Please see here for more details

However, when we try to follow the instructions as advised by above and upload the METADATA via XML, Hornbill "hangs" at "Importing Data..." and never finishes?
 
I'm aware we have had SSO since it was a PHP setup and our other "working" domains are still pointing at the php setup, unsure if this is related or not.
 
One other thing is when you download the XML from the SSO profiles page you'll notice this has "BETA" in the URL?
 
https://mdh-p01-api.hornbill.com/(ourinstance)/xmlmc/sso/saml2/authorize/user/beta
 
Tried setting up from scratch, still no luck.
Any help would be appriciated.
 
Thanks
 
Adam

 

 

Posted

Apologies the metadata url seems incorrect, you should be able to access the correct metadata from:
https://hhq-p01-api.hornbill.com/(instance)/xmlmc/sso/saml2/metadata/user/live
You should import this metadata to your google SSO IDP, You will also need to click on the 'Update SAML Profile' button on your Google SSO Profile page in hornbill to update the metadata there.  This should only be done after importing the metadata from the URL above.
image.png

Thanks

Trevor

Posted
31 minutes ago, TrevorHarris said:

Apologies the metadata url seems incorrect, you should be able to access the correct metadata from:
https://hhq-p01-api.hornbill.com/(instance)/xmlmc/sso/saml2/metadata/user/live
You should import this metadata to your google SSO IDP, You will also need to click on the 'Update SAML Profile' button on your Google SSO Profile page in hornbill to update the metadata there.  This should only be done after importing the metadata from the URL above.
image.png

Thanks

Trevor

HI Trevor, 

 

Thanks for your response, I have updated the URL.

However, when I try to update the metadata by posting the XML, Hornbill just hangs at "Importing Data..." with a spinning hornbill logo...

 

 

Posted

HI Trevor, 

 

Thanks for your response, I have updated the URL.

However, when I try to update the metadata by posting the XML, Hornbill just hangs at "Importing Data..." with a spinning hornbill logo...

 

image.thumb.png.162677b232a53a380d8533e48623fbb5.png

 

Further to this, when I try to log in, I get a new error:

 

hornbill-logo-full.svg

Unable to load framework

Show Details
TypeError: Cannot read properties of undefined (reading 'modules')
    at runAppModules (https://live.hornbill.com/(INSTANCENAME)/app/esp.bootstrap.js?rel=1710_2:370:63)
    at https://live.hornbill.com/(INSTANCENAME)/app/esp.bootstrap.js?rel=1710_2:456:12

 

Thanks

 

Adam

 

Posted
13 hours ago, Victor said:

@Adambingley I think the Update not working was a defect confirmed by development. We have a fix ready, afaik it will be included in the next Core UI update.

Thanks - Do you have any ETA on that? 

Posted

Hi @Adambingley

Could you check the roles you have for the user you're logging in as the Unable to Load Framework Error suggests the user could login but doesn't have sufficient access?  We hope to be able release core ui later this week

Thanks

Trevor

  • Like 1
Posted
6 hours ago, TrevorHarris said:

Hi @Adambingley

Could you check the roles you have for the user you're logging in as the Unable to Load Framework Error suggests the user could login but doesn't have sufficient access?  We hope to be able release core ui later this week

Thanks

Trevor

Thanks - I set up a test user on this domain to do the testing, working as expected again for other users.

The point was that the Entity ID and ACS URL was pointing to a BETA address, changed the link provided from BETA to LIVE and it worked.

Will wait for the META data upload fix before we do the other domains as they appear to remain working at this point in time.

 

Thank you for your assistance. 

 

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...