Applies to:
4500

Issue:
There may be a scenario where you have configured SSO with MultiGroupSupport and all the configuration is correct and still you are seeing Authorization error on the Web UI Page.

Analysis:

The authorization error is case of Multi Group support can be basically of below 2 reasons:

  • Either application.properties is not correct.
  • There is a different groupNameDelimter value.

For application.properties, you need to make sure that you are making below changes:

  • user.super_admin has the name of correct group which you want to have as a super admin. In case you have multiple groups you need to make sure that you are using ;; to distinguish different groups.
  • update_super_admin_group needs to be set to true.
  • default_group= needs to be kept as blank.
  • In applicationContext-Security.xml in epheSamlFilter <constructor-arg index=”2″ value=”false”/> should be false.

If above doesn’t resolve the issue then you need to make sure what groupNameDelimiter you are getting from your Identity Provided. In case of ADFS we receive , (comma) as a delimiter. We need to make sure that correct value exist in web.xml. You can observe security_group table in ephesoft database and observe what groups entries are getting added.

<init-param>
<param-name>groupNameDelimiter</param-name>
<param-value>;</param-value>
</init-param>