How to stop SSO loop

How to stop SSO loop

Problem:  Using webPass or standard form for Single Sign-On (SSO), it submits the credentials but because of bad/wrong credentials it gets stuck in a loop continually submitting credentials.



Cause:  Single Sign-On (SSO) forms use a URL trigger to know when to submit the credentials.  Some websites do not redirect the user to a failed login page after a bad attempt and simply reload the page.  webNetwork will see that trigger again and try to submit again.



Solution(s):  Make both the form trigger URL and startup URL unique by adding a parameter.  

For example, add a ?junk=x to end of URL.  Make sure to test URL with parameter in browser before applying to form object.  You want to make sure it loads the page successfully.  You will also want to test a failed attempt to make sure it does not keep the extra parameter.  If the parameter stays after a failed attempt, we would try to submit again.

Example:
Base URL - https://customer.lenovosoftware.com/LoginPolicy.jsp 
Startup URL w/ parameter - https://customer.lenovosoftware.com/LoginPolicy.jsp?junk=x
Trigger URL w/ parameter - https://customer.lenovosoftware.com/LoginPolicy.jsp\?junk=x

The characters '?' and '&' must be escaped in the Trigger URL with a '\' character.  



webPass form:
  • Go to webAdmin
  • Expand Application Admin
  • Click on desired form object
  • Add the parameter to Startup URL
  • Add the parameter to Login URL
  • Add the parameter to Trigger URL (remember to escape '?' character)
  • Click Save button
  • Reload application (if applicable)
  • Logout
  • Login
  • Test

Client form:
  • Go to webAdmin
  • Go to Application Admin
  • Click on desired application object
  • Add the parameter to Startup URL
  • Click Save button
  • Expand application
  • Click on desired form object
  • Add the parameter to Form Trigger (remember to escape '?' character)
  • Reload application
  • Test


keywords: sso lockout

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...
      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...
      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...
      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...
      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...
      • Related Articles

      • Desktop Loading Loop

        Issue: Users are seeing a login loop, where the SCA profile desktop is being drawn over and over (similar to clicking the browser's reload button). Solution: This was previously seen as an issue with specific Browser Extensions . There is a function ...
      • Stop inbound / outbound replication in AD

        How can I temporarily stop in / outbound replication to a DC ? The following URL Explains the process : http://technet.microsoft.com/en-us/library/cc755360%28WS.10%29.aspx repadmin /options +DISABLE_INBOUND_REPL repadmin /options ...
      • SSO methods explained

        Rundown of SSO Methods: Server Side webPass SSO - This is only available for Virtual web Applications. Uses webPass SSO engine / wizard to build an SSO form which is passed by modifying the form information as it passes through the webNetwork ...
      • Troubleshoot webPass SSO

        Issue Applications setup for webPass are no longer submitting credentials.  How do I go about troubleshooting? Solution Verify the Extension is installed in the browser and active. You should see the webPass "key" button on the browser's toolbar. ...
      • Client side SSO errors

        The customer is getting the following errors when trying to use the client side SSO features in webNetwork for RDP / Citrix.  The first error:  The relay path of 192.168.9.29/axis/services/WebNetworkPortalService is not a valid format.  The second ...