1 Reply Latest reply on Jun 24, 2016 4:45 PM by john.decker

    SSO redirection is hanging when accessed through MS Word or Outlook

    sourabh_lonikar

      Hi everyone,

       

      When some users access the application through a link in an Outlook or Word document, they are redirected to the SSO page and the page hangs there.

      The issue is consistently replicable for only a subset of users.

      The application is accessible when they refresh the hung page. This happens in IE 11. When the user switches the default browser to Chrome or FF, the issue does not happen.

      Below is the screenshot of the hung page.

      [Screenshot: hung screen during SSO redirection]

       

      System details of affected users:

      Affected users' machine details.

       

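      |                   | Old Machine (No SSO Issue) | New Machine (Same User: Issue encountered) | Other Affected Users Machine |
      |-------------------|----------------------------|--------------------------------------------|------------------------------|
      | OS/Version        | Windows 8.1 Enterprise     | Windows 7 Enterprise, SP 1                 | Windows 7 Enterprise, SP 1   |
      | IE Version        | 11                         | 11                                         | 11                           |
      | MS Office Version | 365 ProPlus – en-us 2013   | Professional Plus 2010                     | Professional Plus 2010       |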

       

      As per Jive SAML docs: Understanding SSO with SAML

       

      Jive authentication through SAML includes the following stages: 

      1. A user visits Jive and requests a page that requires authentication.
      2. Jive redirects the user to the configured IdP. The request URL includes a base64-encoded version of some request XML. (We encounter the issue in this redirect step.)
      3. If authentication doesn't succeed, the user sees a login screen.
      4. The IdP sends an encoded XML-based response in a redirect to Jive. If the user was successfully authenticated, this response includes the information we need to create a Jive representation of the user.
      5. Jive parses the XML and validates the necessary signatures, decrypting if necessary. A valid response from the IdP at this point indicates the user has been successfully authenticated.
      6. Jive parses the XML response from the IdP and creates or updates the user, using any override attributes you specified in Jive. If users have been seeded beforehand and shouldn't be updated, profile sync can be disabled.
      7. The user is authenticated with Jive and redirected to the requested destination.

       

      We have confirmed with the federation IdP team that the request does not reach the IdP server. We are also aware of the issue "Links from Microsoft Office documents don't redirect properly" (MS product session issue during authentication). This issue does not qualify since it is affecting only a tiny subset of the community.

       

      Following are the exact characteristics of this issue:

      *     Occurs only when clicking a community link from MS Word or Office.

      *     Occurs only with IE 11 as the default browser (other IE versions not tested). No issue with FF and Chrome.

      *     Occurs for only a subset of users (common characteristic of affected users: unknown). Some IE users are unable to replicate this issue.

      *     The hung page successfully completes SSO login when the user explicitly refreshes it.

      *     Node or SAML configurations can be ruled out since not all users are affected.

      *     The instance underwent a recent OS patch upgrade.

      *     In a successful SSO authentication, the deep link is preserved.

       

      Kindly let us know if anyone has encountered such behavior.

       

      CC: bhawesh rautela , pradeepgm

       

      Happy weekend

       

      Regards,

      Sourabh
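
A troubleshooting aid for the redirect in step 2 of the flow quoted above, added here and not part of the original post or of Jive's code: it decodes the `SAMLRequest` from a captured redirect URL so the IdP destination and the deep link (`RelayState`) can be checked. It assumes the standard SAML HTTP-Redirect binding (raw DEFLATE, then base64); the hosts, request ID and sample request are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
MAX_XML = 64 * 1024  # cap inflated size; an AuthnRequest is far smaller

def _inflate_or_plain(raw):
    """HTTP-Redirect binding uses raw DEFLATE; fall back to plain XML bytes."""
    inflater = zlib.decompressobj(-15)
    try:
        body = inflater.decompress(raw, MAX_XML)
    except zlib.error:
        return raw
    return body if inflater.eof else raw

def decode_redirect(url):
    """Summarise the AuthnRequest carried by a captured SP -> IdP redirect URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if "SAMLRequest" not in query:
        raise ValueError("URL carries no SAMLRequest parameter")
    body = _inflate_or_plain(base64.b64decode(query["SAMLRequest"][0]))
    root = ET.fromstring(body)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("unexpected root element " + root.tag)
    return {
        "idp_host": parts.netloc,
        "request_id": root.get("ID"),
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "issuer": root.findtext(SAML + "Issuer"),
        "relay_state": query.get("RelayState", [None])[0],
    }

def build_sample_url(deflate=True):  # constructed sample, hypothetical hosts
    body = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
            b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1"'
            b' Destination="https://idp.example.com/sso" AssertionConsumerServiceURL='
            b'"https://community.example.com/saml/sso"><saml:Issuer>'
            b'https://community.example.com</saml:Issuer></samlp:AuthnRequest>')
    if deflate:
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        body = c.compress(body) + c.flush()
    params = {"SAMLRequest": base64.b64encode(body).decode(),
              "RelayState": "https://community.example.com/docs/DOC-1234"}
    return "https://idp.example.com/sso?" + urlencode(params)
```

Run `decode_redirect()` on the URL the browser was sent to when the page hung (taken from a network trace) and compare `destination` and `relay_state` with those from a session that completed.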