OnDemand User Group

Support Forums => Content Navigator => Topic started by: Steve Bechtolt on July 27, 2021, 01:16:58 PM

Title: CMOD Embedded SSO via ICN SAML Token
Post by: Steve Bechtolt on July 27, 2021, 01:16:58 PM

Has anyone had any issues migrating ICN/CMOD SSO via SAML from using the IBM SSO Plugin and ARSUSEC program to the built-in SSO feature CMOD now supports?
We have two clients configured on a single WAS system: one uses PingIdemtity and the other uses OKTA as their Identity Provider.
Both clients work using Plugin/ARSUSEC. The PingIdentity client also work on the new built in SSO, but the OKTA client gets an error when using the built-in method.  The issue is that the LTPA key for that browser session has expired.  The can successfully login, but when they try to open a folder is when they get the message about the expired LTPA key.

Any thoughts?

Title: Re: CMOD Embedded SSO via ICN SAML Token
Post by: rjrussel on July 30, 2021, 07:56:29 AM

My recommendation is to open a case with WebSphere. Sounds like something isn't working/configured properly on the WAS side.