Hello All,
Context : Clarity 15.7 New UI SSO.
With SSO activated, I've got an error on the logout action.
- On the classic UI, no problem : it redirects to the logout URL configured in CSA
- On the modern UI, an error appears on the click : "Refused to connect to <url_sso> because it violates the following Content Security Policy directive : "connect-src 'self' cdnjs.cloudflare.com fonts.googleapis.com techdocs.broadcom.com"
As a workaround, I added the URL in Security Domains for new UI :
cmn_option_values_ins_sp('CONTENT_SECURITY_DOMAINS', null, null, '<url_sso> ', 1);
Another error occurs : "Access to XMLHttpRequest as <url_sso> from origin <url_sso> has been blocked by CORS policy : Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource."
I tried to modify Tomcat Configuration to add Access-Control-Allow-Origin : * in HTTP Header.
- Solution 1 (Tomcat way) :
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- Solution 2 (Clarity "hard-coded" way) :
<filter>
<filter-name>httpHeaderSecurityFilter</filter-name>
<filter-class>com.niku.union.web.filter.ResponseHeaders</filter-class>
<init-param>
<param-name>header</param-name>
<param-value>Access-Control-Allow-Origin</param-value>
</init-param>
<init-param>
<param-name>value</param-name>
<param-value>*</param-value>
</init-param>
</filter>
I could add the parameter Access-Control-Allow-Origin : * in http headers.
But I still got the same error at the end.
Has anybody already seen this ?
Thx for your help.
Regards,
David
------------------------------
Consultant
CoPrime
------------------------------
Original Message:
Sent: 10-17-2019 10:14 AM
From: David Marchal
Subject: Re: 15.2 New UX - SSO
Hello,
There is a paragraph on this subject in 15.7 documentation here.
- On the Clarity side, you just need to activate SSO in CSA (as before)
- On the SSO side, you need to add rules on /pm et /ppm/rest URI
Right now, I am also trying to make it work.
Regards,
David
------------------------------
Consultant
CoPrime
Original Message:
Sent: 05-17-2018 07:21 PM
From: Deepak Barhate
Subject: Re: 15.2 New UX - SSO
Hello Karthik,
We are facing same issue. User can login to Classic PPM via SSO, but not to New UX.
Which SSO authentication method you are using?
Regards,
Deepak