We are using 8x8 desktop client which is developed using Adobe Air technology. We want to sign in with our company’s google emails. One process in the middle involves logging into our SAML of course. However, there is one software where UCS’s simplesamlphp template is not rendered properly. I have attached screenshots. We also have deployed test and standalone “simplesamlphp” with standard template which renders fine as you can see on other screenshot.
I suspect the problem is either within 8x8’s client or Adobe Air technology, or that there is something in Univention’s template that the software cannot render. Something… small and simple. But I do not know what.
We are also running on UCS version 4.2-3 which I know is very outdated, however it would take me 2-4 weeks to update to latest UCS version, and maybe that will update our SSO template. However in the meantime, if someone can shed some light into this problem, I will be very happy.
PS I am not trying to blame any software or vendor mentioned here, just want to fix it.
Hello Roman, your first screenshot seems to only show a loading animation with a missing UCS logo in the center. From the information provided i cannot conclude what page is requested.
Your second screenshot shows a simplesamlphp error page. It seems that simplesamlphp was called with insufficient parameters.
For more information you can look into the apache logs and the syslog, where simplesamlphp is logging information. You can also increase the simplesamlphp loglevel.
As i know not enough about the software you are developing or Adobe Air, a generic idea i have is that you could try to hardcode the URL that is requested. The request for the loginpage should be the same that is behind the Google tile in the UCS Portal, it has the form https://ucs-sso.[YOUR_UCS_DOMAIN]/simplesamlphp/saml2/idp/SSOService.php?spentityid=google.com
Thanks for the clarification. so steps 2-5 work with an external browser? Then i am out of ideas, as the issue really seems to lie in the external app, as you suspected.
An approach to this problem could be to check if and how the requests to the SAML login differ between the app and a standalone browser, but it seems to be that the app has to be fixed to make it work, which is out of scope here
Thanks for update. I guess we either have to work it our ourselves or change the provider if it does not work for us as we need. Thanks. If our custom modification will work (hope no problem with Univention licensing) I will update here.
I have done some more digging and found out that 8x8’s Adobe Air version is 22.0 which is from 2016.
The login template screen loads some javascript to load logo and login fields.
I can actually navigate the username and password with “Tab” buttons, typing credentials and proceed with “Enter”.
So the HTML elements are there, I guess it is just a problem rendering JavaScript?
If AdobeAir/22.0 was released in 2016, I guess with rapid JavaScript language development, AdobeAir 22 may be too old now.
I think we can fix this problem by creating our own (and branded) SSO template with no Javascript and complicated CSS, maybe this will fix the problem.
Is there a way to develop our own template which will not get overwritten after UCS upgrades?
Yes that is possible. The Simplesaml documentation has a short chapter about theming.
You can have a look at our theme in the package univention-saml, or on a UCS DC Master/Backup in /usr/share/simplesamlphp/modules/univentiontheme
To activate your theme and make the setting permanent, use ucr set saml/idp/lookandfeel/theme=<yourthemename>, the default is univentiontheme:univention.
Thanks. I have created new theme, a very simple one. Now it is loading fine in software developed with Adobe Air.
Is there a chance it would not work same as Univention’s theme? I guess you might have additional functionality built in to re-authenticate into controllers, etc?
