Testing Single Sign-On (SSO) with Upgrade, Clone or Test site
Answer ID 8465   |   Last Review Date 04/18/2024

How can I configure my Single Sign-On (SSO) functionality to redirect back to the correct test site I am trying to log in from?

Environment:

Oracle B2C Service console when accessing a non-Production region.

Resolution:

Upon creation of a Test site, Upgrade site or a Clone site, you may encounter problems with your Single Sign-On (SSO) functionality when you attempt to log in to the console or customer portal. For example, you may be redirected to your production site after your SSO login for customer portal. When a clone site is created, it copies over the SSO configuration from the production site. If you have previously set up SSO on a test site or upgrade site, you will need to reconfigure your SSO setup after the test site or upgrade site is recreated from the production site. You may need to do one or more of the following on your clone site:

  • Customer Portal
    • If you are getting redirected to the production site after SSO login, check if configuration setting PTA_ENABLED is turned on. If it is enabled and configuration setting PTA_EXTERNAL_LOGIN_URL is populated, disable PTA_ENABLED as this will prevent the redirect back to the identity provider from occurring.
    • Update configuration setting PTA_EXTERNAL_LOGIN_URL with the correct value pertaining to the test site if PTA_ENABLED must stay turned on.
    • Verify no custom code is causing the incorrect redirect (e.g., hardcoded redirect snippets in template files).
    • Upload the signing certificate(s) in the File Manager as necessary.
    • Update the SAML_20_SIGN_CERTS configuration setting with the correct fingerprint from the signing certificate for the specific site.
  • Agent Console
    • Service Provider Initiated SSO
      • Open navigation component "Single Sign On Configurations" and update the setup of SSO or turn it off altogether by clicking the "Active" checkbox.
      • If you are disabling the functionality rather than changing the settings, the profile associated to the affected agent(s) will need to have permission "SSO Login (SAML 2.0)" unchecked as well.
    • Identity Provider Initiated SSO
      • Update the identity provider with the test/upgrade/clone site assertion consumer URL.
      • Upload the signing certificate(s) in the File Manager as necessary.
      • Update the SAML_20_SIGN_CERTS configuration setting with the correct fingerprint from the signing certificate for the specific site.
    • Email address as SAML subject
      • Edit the staff account or contact record for anyone testing this functionality. Remove ".invalid" from the end of each email address. This will allow the email in the subject to match the account email or contact record email.
    • If you are unable to log on at all to change the settings because all users are on profiles with SSO authentication enabled:
      • You can use the System-Defined Administrator Account to edit a user's profile so that they can log in using local authentication, and reset their password if needed. Assuming the profile has the permission, the user can then access Single Sign-On Configurations as needed. As with any data or user-defined configuration, Technical Support is unable to edit profiles in your environment on your behalf.
Note: If an SSO connection already exists and the site's hostname is modified, you must re-export and import the service provider metadata or manually reconfigure the settings in the identity provider (IdP) to reflect the updated URLs.

For more information regarding enabling/disabling Single Sign-On, refer to the documentation for your version in Documentation for Oracle RightNow CX Products.
 
If you have configured SSO on your upgrade site, note which site each of the following is carried forward from during cutover:
  • The SSO_ENTITY_ID configuration setting is unique in that its value is carried forward from the production site during cutover. When the upgrade site is created, the value in this configuration setting on the upgrade site will be blank. Two sites cannot have the same value in the SSO_ENTITY_ID configuration setting; otherwise, SSO will not work as expected. You can update the SSO_ENTITY_ID configuration setting on your upgrade site if you are testing SSO. See Change SSO entity ID for more information.
  • The Identity Provider set up in the Single Sign-On Configurations component will carry forward from the production site during cutover.
  • The SSO certificates uploaded in the File Manager will carry forward from the upgrade site during cutover.  
  • The value in the SAML_20_SIGN_CERTS configuration setting will carry forward from the upgrade site during cutover.  
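
The Note on re-exporting service provider metadata and the SSO_ENTITY_ID uniqueness rule above can both be checked before the metadata is imported into the IdP. The following is an added example, not Oracle code: it assumes the export is standard SAML 2.0 metadata XML, and the hostnames, entity IDs and the function name audit_sp_metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

# Constructed sample: SP metadata from a clone that still carries production
# values. Hostnames and entity IDs are placeholders, not real sites.
CLONE_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://prod.example.com/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://test.example.com/slo"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://prod.example.com/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
""".strip()


def audit_sp_metadata(xml_text, site_host, other_entity_ids=()):
    """Return findings for SP metadata that is meant to describe site_host."""
    findings = []
    root = ET.fromstring(xml_text)
    entity_id = root.get("entityID", "")
    if not entity_id:
        findings.append("entityID is blank")
    elif entity_id in other_entity_ids:
        findings.append(f"entityID {entity_id!r} is already used by another site")
    # Every endpoint the IdP redirects or posts to must live on this site.
    for sp in root.iter(MD + "SPSSODescriptor"):
        for endpoint in sp:
            location = endpoint.get("Location")
            if location is None:
                continue  # not an endpoint element (e.g. KeyDescriptor)
            host = (urlsplit(location).hostname or "").lower()
            if host != site_host.lower():
                name = endpoint.tag.replace(MD, "")
                findings.append(
                    f"{name} points at {host or location!r}, expected {site_host}")
    return findings


if __name__ == "__main__":
    for finding in audit_sp_metadata(CLONE_METADATA, "test.example.com",
                                     {"https://prod.example.com/sp"}):
        print("FINDING:", finding)
```

On the constructed sample this reports the shared entity ID and the assertion consumer URL that still points at the production host, while the logout endpoint already on the test host passes.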
