Skip to main content

Hi,

 

I am trying to resolve an authentication issue with a newly created user.

The environment is fully operational with ADFS enabled.

My account authenticates without any issue for the EE client but for a newly created account it can’t log in, my account has been mimicked changing relevant items such as Directory ID in IFS etc. and to be reflective of the user on the AD side.

 

Additionally the user can authenticate though Aurena fine.

 

Many Thanks,

Hello @WyrAndreM,

If you have configured with Azure AD, please try below steps and let us know.


1. Copy the UPN from Azure portal
2. Paste it for the specific user’s “Directory_ID” field in the IEE users window. (This should be entered in upper case.)

 

When ADFS is used as the user repository, the UserPrincipleName of the Active Directory user must be the value that should be entered as the value for DIRECTORY_ID(WEB_USER) field. This should be entered in upper case.

 

Cheers!


Thanks Imal, 

 

The UPN is an exact match for the foundation user tole screen you have highlighted.

The only think that has changed is that the IFS application sits on a new VM and new application groups have been created for the ADFS connection.

 

Many Thanks,


Hello @WyrAndreM ,

Thank you for the information.

Could you please refer to Setting up user synchronization between Active Directory and IFS Applications. to check if you have missed anything  during the newly changed setup?

 

Cheers!


I can’t see what might be different as other users can log in to EE client this one user can only log into Aurena. Will continue to trouble shoot.

 

Thanks.


Hi @WyrAndreM,

 

Given that this is specific to a user and the Native (IEE) and everything is fine with Aurena, most likely the issue is with the UPN sent back to IFS when the authorization request is made for the Native App registration in ADFS. A quick way to validate this would be to use Postman to request an access token using the users credentials and decode the JWT toke to check the content. Your client id for this would be the one used in for the Native client. 

 

 


Thanks Sajith,

 

Have you got examples for the paths from the image provided? I can’t read the elements of the string which aren’t sensitive.

 

Many Thanks,


Hi @WyrAndreM ,

couple of samples is as below

Callback URL: https://fully_qualified_domain_name_of_the_app_server:port>/main/default/clientgateway/oauth2/callback (same as the call back URL for your native app in ADFS registration

 

Auth URL: <your_adfs_base>/adfs/oauth2/authorize (i.e. https://myadfs.mydomain.com/adfs/oauth2/authorize)

Access Token URL: <your_adfs_base>/adfs/oauth2/token

Client ID: your client ID for the native app from ADFS (you can get this from the IFS Admin console)

Client secret: your client secret for app registration (you can get this from the IFS Admin console)

Cheers

 


Thank you all the issue related to the claim rules set for the application groups.