This topic contains 6 replies, has 0 voices, and was last updated by chanarbon 7 years, 8 months ago.
-
AuthorPosts
-
February 16, 2017 at 11:43 am #6464
SererraMikeWe’ve setup Azure SAML for login with Netsuite. If I log into Azure, and choose my NS application, I’m logged in and all works as expected. If I browse to the Netsuite login page, and attempt a login, my expectation is that I will get rerouted to Azure. Instead my login simply fails. From reading the documentation, I think my expectation is correct, but it’s not totally clear to me, and others have indicated they don’t believe this is the functionality. So I’d like clarification.
1. Should I be redirected to Azure if I attempt a login on the NS login page.
2. If so, could someone point me in the right direction as the rest of the setup seems to be correct.
Thanks ,
Mike.
This is a cached copy. Click here to see the original post. -
February 16, 2017 at 10:04 pm #6465
sanket.kumarHello Mike,
1. Should I be redirected to Azure if I attempt a login on the NS login page. – No this will not redirect to Azure if you login on NS login url. If you need this type of similar functionality you can create your custom URL and redirect to Azure SAML url so it will redirect to Azure login page.
-
February 27, 2017 at 11:29 am #6466
chanarbonTo clarify things,
The standard login page, currently, does not initiate a SP-initiated login. For the main reason that the purpose of the login page is for the user credential authenticating users. Users provisioned with SAML only roles have their credentials are being managed by the IDP, which on this case is Azure. You should note that Azure should be the one to initiate on this type of connection unless the access performed to NetSuite is done using deeplinking to a resource link and the Primary Authentication checkbox on the SAML Setup page is checked.
-
February 27, 2017 at 12:15 pm #6467
jejacobHi Mike,
To answer your question:
1. Should I be redirected to Azure if I attempt a login on the NS login page.
No – This is not the behavior. The attempt to login should be initiated by Azure.
Also, the Primary Authentication Method is OPTIONALBy default, PAM is disabled, so if SAML users click a link to access NetSuite when no active session exists they are redirected to NS login page. This will be a trouble for users who does not know their credentials.
When enabled, if a SAML users click a link(i.e: https://system.netsuite.com/app/center/card.nl?c=) this time, user will be redirected to the external IDP login page. Once the login was made from that page, user will be redirected to NS automatically. If there is a live session for the IDP, the user will be directed back to the resource without being asked for credentials.
Hope this helps you.Jacob
-
February 28, 2017 at 12:06 am #6468
chanarbonOriginally posted by jejacob
View Post
Hi Mike,
To answer your question:
1. Should I be redirected to Azure if I attempt a login on the NS login page.
No – This is not the behavior. The attempt to login should be initiated by Azure.
Also, the Primary Authentication Method is OPTIONALBy default, PAM is disabled, so if SAML users click a link to access NetSuite when no active session exists they are redirected to NS login page. This will be a trouble for users who does not know their credentials.
When enabled, if a SAML users click a link(i.e: https://system.netsuite.com/app/center/card.nl?c=) this time, user will be redirected to the external IDP login page. Once the login was made from that page, user will be redirected to NS automatically. If there is a live session for the IDP, the user will be directed back to the resource without being asked for credentials.To reiterate, the use of PAM is for SP-initiated SAML workflow for logins similar to the concept posted on Oasis SAML specs (http://saml.xml.org/wiki/sp-initiate…ifact-bindings). For the login page not redirecting to the IDP login page, it is the expected behaviour as logins using SAML is being managed by an external service which is the IDP
-
February 28, 2017 at 1:33 pm #6469
SererraMikeThanks for the input everyone. I think this will get me going in the right direction.
-
February 28, 2017 at 9:50 pm #6470
chanarbonGood thing Mike. If you are encountering problems with SAML related to this soon, please let me and jejacob know if have filed a support ticket so we could check it with our Support team
-
AuthorPosts
You must be logged in to reply to this topic.