Note: please note that Liferay has renamed its Liferay Experience
Could offerings to Liferay SaaS (formerly LXC) and
Liferay PaaS (formerly LXC-SM).
Issue
- We integrated the Liferay PaaS console with our IDP trough SSO, but sometimes when trying to perform a log in we have a 400 error in OKTA.
- The flow to reproduce this issue is:
- log in SSO -> Ok
- log out
- log in SSO -> ERROR 400
- The error we got from OKTA is 400 (GENERAL_NONSUCCESS).
Environment
- Liferay PaaS
Resolution
- When performing a log in using a Single Sign On system, there are some SAML Assertions used to interchange information between the systems.
- The assertion from the Identity Provider must have the following fields:
- idp.subjectNameId, sent in the assertion as <saml:NameID> has to be an email address.
- firstName
- lastName
Additional Information
Conteúdo Excluesivo para Assinantes
Uma Subscrição do Liferay Enterprise fornece acesso a mais de 1.500 artigos que incluem práticas recomendadas, solução de problemas e outras soluções valiosas. Faça login para obter acesso completo.
Entrar