This article documents a known issue where users cannot log in to the Sync Client if both SAML and OAuth are enabled. As a result, authentication fails with a blank screen on Sync client. Repeated warning messages will print out in the server console:
Relay state exceeds 80 bytes, some application may not support this.
The specific conditions are:
- Start up two Liferay DXP platforms
- Deploy the Liferay SAML 2.0, the OAuth Provider and the Sync Client apps to both Liferay Digital Enterprise 7.0 platforms
- Follow the SAML Configuration Steps to configure the first Liferay DXP 7.0 platform as an Identity Provider (IdP) and the second platform as the Service Provider (SP)
- Verify that SSO/SLO using SAML protocols work
- On the SP instance, navigate to Control Panel → Configuration → Sync Connector Admin
- Enable OAuth
- Connect Liferay Sync to the SP
Status: Workaround Available
Currently we have a workaround to resolve this issue. Please add the following filter in
<filter-mapping> <filter-name>Auto Login Filter</filter-name> <url-pattern>/c/portal/oauth/authorize/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping>
You will observe the user can sign in to the Sync client successfully and only one warning message shows up in the server console.
LPS-76246 is raised to provide a permanent fix.
If using the latest version of the Liferay SAML 2.0 app, Fix Pack DE-32 or higher is required. See this article: Important Changes and Support Information for Liferay Connector to SAML 2.0 Version 3.1.0 and Later.