OnDemand User Group
Support Forums => Content Navigator => Topic started by: Steve Bechtolt on July 27, 2021, 01:16:58 PM
-
Has anyone had any issues migrating ICN/CMOD SSO via SAML from using the IBM SSO Plugin and ARSUSEC program to the built-in SSO feature CMOD now supports?
We have two clients configured on a single WAS system: one uses PingIdemtity and the other uses OKTA as their Identity Provider.
Both clients work using Plugin/ARSUSEC. The PingIdentity client also work on the new built in SSO, but the OKTA client gets an error when using the built-in method. The issue is that the LTPA key for that browser session has expired. The can successfully login, but when they try to open a folder is when they get the message about the expired LTPA key.
Any thoughts?
-
My recommendation is to open a case with WebSphere. Sounds like something isn't working/configured properly on the WAS side.