ACS - Unable to open a Share Url using AOS when IDS and SAML are configured for SSO
Our existing documentation for SSO configuration with SAML (https://docs.alfresco.com/sso/topics/saml-v2.html) states that in order to configure ACS with SSO to work with AOS it's necessary to use the SAML module in conjunction with the Identity Service (step 7 of the documentation).
The AOS "Edit with MS Office" functionality works without issues, but there appears to be an incompatibility with Share when the user tries to open a Share URL within a file that is being edited in AOS. In this scenario, Share tries to force the user to log in with both SAML and IDS to view the content of the clicked link, and in the end the user is unable to see the content of it.
Steps to reproduce
1. Follow the SSO SAML documentation (https://docs.alfresco.com/sso/topics/saml-v2.html) to configure IDS for SSO and the SAML module for the AOS SSO only
2. Open a file using the AOS "Edit with MS Office" feature from Share
3. The file becomes editable within MS Office (for example Word)
4. At this point go back to Share and copy the browser URL of a folder or of a document, then paste this URL within the opened Word document
5. Click on the URL within the Word document to open it
The browser opens a new tab to display the content of the page (the user is already logged in to ACS at this point)
The browser opens two tabs displaying authentication errors and the user is unable to display the content of the page.
The first tab shows the default IDS login page with a message saying that the user is already logged in (but no redirect on the actual content of the page) [see attachment "IDS_alreadySignedIn.png"], the second tab shows a SAML authentication error [see attachment "SAML_failedLogin.png"].
Attached you can also find a Fiddler trace collected by the user of all the network requests occurring between Word and Share when the user opens the URL link within Word [see attachment "OpenUrlFiddlerTrace.saz"].
I doubt that it is related to AOS at all. I think you can reproduce this problem even without AOS.
All that AOS does here is open MS Word. But it is not required for this problem.
I think this is a problem with the IDS support in Share and deep links into Share.
Try to reproduce this without AOS and just use Word to open the new browser tab:
1. Open Share in a browser, log in
2. Open MS Word or any other text editor separately
3. Go back to Share and copy the browser URL of a folder or of a document, then paste this URL within the opened Word document
4. Click this link in Word. If you are using any other text editor, copy the link, open a browser tab manually, and paste it there
Progress has been made building up the environment to firstly replicate the issue and then find and deliver a solution. Whilst we don't have an ETA at the moment, every effort is being made to resolve the request as a priority.
Hi, with support from the CX Team this is now being prioritized as a hotfix request. Planning for the release is taking place, more details will follow as a priority.