AnsweredAssumed Answered

Does Clarity On Demand support Service Provider Initiated Single Sign On ?

Question asked by matt.okeefe on Sep 1, 2015
Latest reply on Sep 16, 2015 by matt.okeefe

We are new to Clarity On Demand and and accessing it via SAML federated single sign on.

 

We have been advised by CA Support that Clarity On Demand does not support Service Provider Initiated Single Sign On.

However, the On Demand Portal Admin Guide states one of the parameters available is "Identity Provider SSO Service URL: The Identity Provider's Web Service used in case of time-outs, log-outs, and Service Provider Initiated SSO".

We also suspect the On Demand Portal is built with CA SiteMinder which I understand supports Service Provider Initiated SSO.

 

Being limited to Identity Provider SSO means we need to construct links to Clarity in the form https://<identity provider url>?PartnerSpid=<service provider id>TargetResource=<Clarity URL>

Clarity URL's contain "#" and the single sign on interaction between the identity provider, the On Demand Portal and Clarity application results in everything after the # being stripped from the URL.

This means every link to Clarity takes you to the Home page.

 

We can achieve deep linking by replacing the # with %23 in URL's we generate or publish ourselves.  But we cannot do that for URL's generated by Clarity, such as those included in email notifications.

When a user receives an email from Clarity containing a link to a project, dashboard or action, clicking the link always takes them to the home page - unless they have their browser open and have previously accessed Clarity to create a session.

This is clunky and will impact user adoption.

 

Has anyone got Service Provider Initiated SSO working with Clarity On Demand ?

 

Or solved the above problem with a work around ?

Outcomes