none
UAG stops SSO after login failure RRS feed

  • Question

  • I have an application that is published in the UAG.  SSO works great for this application as long as I have captured valid credentials.  If the captured credentials are invalid, the UAG proxies the invalid credentials and the application responds with a failed login response.  So far so good.  However, if I modify the stored credentials in the application repository to a valid set of credentials, the UAG will NOT proxy the credentials when I launch the application during the same UAG session.  In order for the UAG to proxy credentials for this application, I need to log out of the portal, log back into the portal and then launch the application.

    When the proxy failure occurs, the UAG trace shows the following error:

    [whlfiltformlogin ProcessHeaderFromBrowser WhlFiltFormLogin.cpp@287] Info:ProcessHeaderFromBrowser: DefineUsageStatus returned with eAppStatus [RepeatedLoginStatus]

    It appears that once the UAG enters this "RepeatedLoginStatus" state, it will no longer proxy credentials for this application during the current session.

    The login URL and login failure URL for this application are identical.

    This application does not define a name for the form.  In order to differentiate the login form from the login failure form, I used appWrap to specify the form name = "errorLoginForm" when the error condition is presented to the user; if the no error condition is present, then I specify the form name = "loginForm", which is also specified in the FormLogin.xml to identify the application login form.  By differentiating the form names, it prevents the UAG from repeatedly proxying the same invalid credentials when login failure occurred.

    Is there any way to get the UAG out of this state and revive SSO during the current session?

     


    Bob
    Friday, April 8, 2011 6:47 PM

Answers

  • Bob, I believe this behavior is by design. If it bothers you very much, please open a support case, which will allow the support engineer to file a request on your behalf to the product team to change this behavior. Naturally, this does not guarantee that it will be accepted, but that's the only way to start such a process.
    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 10, 2011 12:20 AM
    Tuesday, May 10, 2011 12:20 AM