Rally Software

  • 1.  Best practice for SSO with vanity URLs

    Posted Oct 25, 2015 03:23 PM
    We're trying to implement Ping SSO (currently hybrid, planning for SSO-only with exceptions) and have encountered a problem that I can't imagine is unique. The scenario is this:
    1. Log in to Rally (on or off the organization's network domain) using SSO from (for example) http://rally.domain.com
    2. Browse to a work item and copy its URL, which will start with https://rally1.rallydev.com
    3. Close your browser session and open a new one
    4. Paste the URL and you get prompted for Rally sign in, not SSO
    Should we expect the same result when we toggle to SSO-only with exceptions? There are many scenarios where we expect to encounter "native" Rally URLs (e.g. watch and notification emails) and we can't capture and rewrite if the user happens not to be logged on to the domain. Thanks in advance!


  • 2.  Re: Best practice for SSO with vanity URLs
    Best Answer

    Posted Feb 06, 2016 11:39 AM
    Answering this one myself just for the benefit of the community. We learned that on SSO-only it doesn't matter where the request originates from. If an SSO user is on the domain and has a token, then everything "just works" with or without the vanity URL, and if off the domain, then going to a link under rally1.rallydev.com will check for a valid token and then pop the authentication prompt for our IDP, after which the user is delivered to the requested page.