No more SSO after 8.1.33?

Hi,

We have been using SSO on our dev env for a long time. After latest update I can't get it working again. Can't read anywhere in changelogs that it has been removed. Is it just for me or someone else has the same problem?

BR
/M

What kind of SSO / what user sources? What version did you upgrade from?

AD user source (still works to fetch users from AD)

Upgraded from 8.1.27 which works fine still on other dev GW with SSO.

On 8.1.33 AD SSO stopped working.

Nothing in the log.

BR
/M

AD SSO should have stopped working in 8.1.17 unless you explicitly re-enabled it: https://support.inductiveautomation.com/hc/en-us/articles/5979279808397-Active-Directory-SSO-Disabled-for-8-1-17-7-9-20-

Yes I have added to config enable sso.

Well, we didn’t explicitly disable or change anything related to this, but it’s possible something about the JDK 11 to 17 upgrade broke it. We’re not testing or supporting it.

I’ll open a ticket to see if anyone is interested in chasing it down. You can open a support ticket if you want a more official issue on record.

@mwd123 I tested 8.1.32 and 8.1.33 and AD SSO is still working for me.

Could you create a ticket with our support department so we can gather more information about your configuration?

@mwd123 I'm attempting to replicate the issue but haven't been able to yet. I wanted to check in and see if you would either be able to provide more details about your setup? If so, a support ticket is probably the best avenue for sharing that information.

Sorry for late respons, been busy with other things. It's no biggie for us since we only use SSO in dev env. and after upgrade from 8.1.27 to 8.1.33 SSO stopped working. we run on linux. But I also noticed now that I can't manage users any more (my AD-usersource) I'll check the certificates etc. (it still works on other dev env with 8.1.27 and same certificate)

Is this just where the gateway is hosted? Or are you also running the clients on linux? AD SSO is a windows feature, so the clients would have to be launched on Windows.

We run the dev gateway on Linux, the clients are Windows. SSO works fine in 8.1.27.

Could you set the UserSource.ActiveDirectory logger to DEBUG and then try to launch a client? Then could you download the logs and send me a copy? I know there will be some sensitive information, so you could dm me or open a support ticket and I can grab the logs from there.