ACS - Unable to open a Share Url using AOS when IDS and SAML are configured for SSO

Description

  • Our existing documentation for SSO configuration with SAML (https://docs.alfresco.com/sso/topics/saml-v2.html) states that in order to configure ACS with SSO to work with AOS it's necessary to use the SAML module in conjunction with the Identity Service (step 7 of the documentation).
    The AOS "Edit with MS Office" functionality works without issues, but there appears to be an incompatibility with Share when the user tries to open a Share URL within a file that is being edited in AOS. In this scenario Share tries to force the user to log in with both SAML and IDS to view the content of the clicked link, and in the end the user is unable to see its content.

Supporting evidence

Steps to reproduce

  • Follow the SSO SAML documentation (https://docs.alfresco.com/sso/topics/saml-v2.html) to configure IDS for SSO and the SAML module for the AOS SSO only

  • Open a file using the AOS "Edit with MS Office" feature from Share

  • The file becomes editable within MS Office (for example Word)

  • At this point go back to Share and copy the browser URL of a folder or of a document, then paste this URL into the opened Word document

  • Click on the URL within the Word document to open it

Expected Behaviour

  • The browser opens a new tab to display the content of the page (the user is already logged in to ACS at this point)

Observed Behaviour

  • The browser opens two tabs displaying authentication errors and the user is unable to display the content of the page.
    The first tab shows the default IDS login page with a message saying that the user is already logged in (but no redirect to the actual content of the page) [see attachment "IDS_alreadySignedIn.png"], the second tab shows a SAML authentication error [see attachment "SAML_failedLogin.png"].
    Attached you can also find a Fiddler trace collected by the user of all the network requests occurring between Word and Share when the user opens the URL link within Word [see attachment "OpenUrlFiddlerTrace.saz"].

Environment

None

Testcase ID

None

Activity

Stefan Kopf
December 2, 2020, 3:26 PM

I doubt that it is related to AOS at all. I think you can reproduce this problem even without AOS.

All that AOS does here is open MS Word. But it is not required for this problem.
I think this is a problem with the IDS support in Share and deep links into Share.

Try to reproduce this without AOS and just use Word to open the new browser tab:
1. Open Share in a browser, log in
2. Open MS Word or any other text editor separately
3. Go back to Share and copy the browser URL of a folder or of a document, then paste this URL within the opened Word document
4. Click this link in Word. If you are using any other text editor, copy the link, open a browser tab manually, paste it there

Andrew Leach
November 20, 2020, 11:06 AM

Progress has been made building up the environment to firstly replicate the issue and then find and deliver a solution. Whilst we don’t have an ETA at the moment, every effort is being made to resolve the request as a priority.

Andrew Leach
November 16, 2020, 5:42 PM

Hi, , with support from the CX Team this is now being prioritized as a hotfix request. Planning for the release is taking place, more details will follow as a priority.

Done

Assignee

Alexandru Epure

Reporter

Damiano Mondardo

Labels

Escalated By

CSO

Security Issue

None

ACT Numbers

01016103

Premier Customer

None

Code Branch

None

Build Location

None

Regression Since

None

Work Funnel End

None

Patch Attached

None

Dependent Version/s

None

Cloud or Enterprise

None

Prioritization Score

None

Delivery Team

Customer Excellence

Bug Priority

Category 2

Fix versions

Affects versions