I am trying to login to a Perspective project that is setup with an identity provider that uses an AD/Database Hybrid user source. My first problem is after I enter my username/password the browser just sits there processing the request. If I stop the browser and click refresh it will go into my project.
My second issue is that I have the AD/Database Hybrid user source setup for SSO, but the project is prompting for my username and password even when I am on a domain computer.
I can’t offer much advice for the first problem (check the gateway logs, there may be something useful logged there), but as for the latter - SSO doesn’t work like that in a browser based security context. SSO using web browsers requires using an identity provider that accepts you’re already logged in, which Ignition’s does not. Look into ADFS for the “proper” way to use SSO with Active Directory from a browser.
How many users are in your AD? If more than a few hundred…Unchek this and add the user in the AD/Hybrid source on the gateway instead.
on #2 your id provider is not working at all. SSO setup is difficult to impossible without your IT groups involvement.We do this, and it’s not painfully hard to setup unless you don’t read the documentation in its entirety. I should know. We ended up using Azure and My Apps to solve SSO. You should check out the following:
https://docs.inductiveautomation.com/display/DOC80/Identity+Providers#IdentityProviders-UsingIdentityProviders
https://docs.inductiveautomation.com/display/DOC80/User+Attribute+Mapping
https://docs.inductiveautomation.com/display/DOC80/Test+Login+and+Logout
