Forum Discussion
Thanks for taking the time to reply.
I think I understand the conditions you outline, however can I clarify the first part of your response?
So, if an SSO profile is not assigned to a Portal resource item, which are essentialy ACLs, then a profile assigned to the Access Policy will be used. Does there need to be an SSO profile assigned to the Access Policy for SSO to work, or can you simply assign these to the resource items and leave the Access Policy SSO configuration set to none?
Apart from the single occasion when I happened apon a working config combination, I don't see the SSO agent referenced in the logs. I believe that entries were prefixed with somthing like SSO v2 (or similar). On this occasion I could see the requested paths and entries when URI's used for form detection were matched. Since making changes, I now seem unable to trigger SSO at all.
Is what I am trying to achieve possible?
- user authenticates successfully
- username & password are assigned to user SSO session vars
- user follows webtop link to resource A
- SSO profile attached to resource A detects SSO URI and using javascript inserts & posts session vars to login script
- user follows webtop link to resource B
- SSO profile attached to resource B detects different URI and posts session vars to resource B login script
Apologies for all the questions, I am new to APM and I've been at a dead-end with this for many days.
I'm facing a very similar situation. What is super aggravating is that I have SSO configured, but it never does anything when launching a portal access link from within the webtop. It's a very simple form-based authentication mechanism. And there is nothing logged to syslog or /var/log/apm so I have no idea what is going on. Trying to troubleshoot that is ridiculous because there's nothing to go on. I don't even know if what I am doing is right! These guys are about to have to type in their passwords twice because I'm done! Hah...