No more SSO after 8.1.33?

mwd123 · November 8, 2023, 9:00am

Hi,

We have been using SSO on our dev env for a long time. After latest update I can't get it working again. Can't read anywhere in changelogs that it has been removed. Is it just for me or someone else has the same problem?

BR
/M

Kevin.Herron · November 8, 2023, 12:02pm

What kind of SSO / what user sources? What version did you upgrade from?

mwd123 · November 8, 2023, 1:07pm

AD user source (still works to fetch users from AD)

Upgraded from 8.1.27 which works fine still on other dev GW with SSO.

On 8.1.33 AD SSO stopped working.

Nothing in the log.

BR
/M

Kevin.Herron · November 8, 2023, 1:16pm

AD SSO should have stopped working in 8.1.17 unless you explicitly re-enabled it: https://support.inductiveautomation.com/hc/en-us/articles/5979279808397-Active-Directory-SSO-Disabled-for-8-1-17-7-9-20-

mwd123 · November 8, 2023, 1:33pm

Yes I have added to config enable sso.

Kevin.Herron · November 8, 2023, 2:09pm

Well, we didn’t explicitly disable or change anything related to this, but it’s possible something about the JDK 11 to 17 upgrade broke it. We’re not testing or supporting it.

I’ll open a ticket to see if anyone is interested in chasing it down. You can open a support ticket if you want a more official issue on record.

avaughn · November 9, 2023, 3:04pm

@mwd123 I tested 8.1.32 and 8.1.33 and AD SSO is still working for me.

Could you create a ticket with our support department so we can gather more information about your configuration?

avaughn · November 21, 2023, 5:06pm

@mwd123 I'm attempting to replicate the issue but haven't been able to yet. I wanted to check in and see if you would either be able to provide more details about your setup? If so, a support ticket is probably the best avenue for sharing that information.

mwd123 · November 23, 2023, 7:24am

Sorry for late respons, been busy with other things. It's no biggie for us since we only use SSO in dev env. and after upgrade from 8.1.27 to 8.1.33 SSO stopped working. we run on linux. But I also noticed now that I can't manage users any more (my AD-usersource) I'll check the certificates etc. (it still works on other dev env with 8.1.27 and same certificate)

avaughn · November 27, 2023, 4:14pm

Is this just where the gateway is hosted? Or are you also running the clients on linux? AD SSO is a windows feature, so the clients would have to be launched on Windows.

mwd123 · November 28, 2023, 7:17am

We run the dev gateway on Linux, the clients are Windows. SSO works fine in 8.1.27.

avaughn · November 28, 2023, 2:43pm

Could you set the UserSource.ActiveDirectory logger to DEBUG and then try to launch a client? Then could you download the logs and send me a copy? I know there will be some sensitive information, so you could dm me or open a support ticket and I can grab the logs from there.