Note: please note that Liferay has renamed its Liferay Experience
Could offerings to Liferay SaaS (formerly LXC) and
Liferay PaaS (formerly LXC-SM).
Issue
- We integrated the Liferay PaaS console with our IDP trough SSO, but sometimes when trying to perform a log in we have a 400 error in OKTA.
- The flow to reproduce this issue is:
- log in SSO -> Ok
- log out
- log in SSO -> ERROR 400
- The error we got from OKTA is 400 (GENERAL_NONSUCCESS).
Environment
- Liferay PaaS
Resolution
- When performing a log in using a Single Sign On system, there are some SAML Assertions used to interchange information between the systems.
- The assertion from the Identity Provider must have the following fields:
- idp.subjectNameId, sent in the assertion as <saml:NameID> has to be an email address.
- firstName
- lastName
Additional Information
Contenido exclusivo para suscriptores.
Una Suscripción Enterprise de Liferay proporciona acceso a más de 1.500 artículos que incluyen las mejores practicas, diagnóstico de problemas y otras soluciones útiles. Inicia sesión para tener un acceso completo.
Inicia sesión