Purpose (problem description)

This page helps with the issue where the Engineering Dashboard (ED) redirects to another page, usually the AED main page, after a short period of browsing.

This page is specifically for cases dealing with this redirection when SAML is configured as the authentication mode.

For more information on setting up the  ED for SAML, please see this page: User authentication

Observed in CAST Version


Release

Yes/No

8.3(tick)
Observed in RDBMS

RDBMS

Yes/No

CSS N/A
Step by Step Scenario
  1. Deploy Dashboard war and configure it with SAML authentication mode
  2. Connect to dashboard
  3. While browsing, redirection occurs back to the CAST main page.
Action Plan

Perform the below actions

  1. Check with the SAML administrators and ask them to check and verify the token expiration time that has been setup for the CAST dashboard. The expiration time should allow for a 'reasonable' time for browsing the dashboard; 'reasonable' being the amount of time determined by the end customer.
  2. If the SAML administrators indicate that this is set properly and the redirection issue persists, then verification should be done to ensure that the token expiration obtained by CAST has the proper expiration time.
    1. Use the CAST dashboard package version 1.10 or greater.  This version now has logging for SAML token expiration.  In the log, there are messages like this :

      2019-04-16 23:52:23,445| INFO | https-jsse-nio-443-exec-1 | com.castsoftware.adg.webservice.resource.ApplicationResource | token name : XXXXXXXX
      2019-04-16 23:52:23,445| INFO | https-jsse-nio-443-exec-1 | com.castsoftware.adg.webservice.resource.ApplicationResource | token expiration : Tue Apr 16 23:53:26 PDT 2019

      From the message above you can see that in this case, the token expiration is set for just a little over a minute.

    2. If having problems, Contact CAST Technical Support. and ask about obtaining debugging information for SAML token expiration. 
  3. If this solution does not resolve your issue then contact CAST Technical Support with this Relevant input

 

Relevant input

  • CAST Support Tool (CST) - alias Sherlock export with the following options CAST Bases Checker, Export Logs, Export Configuration files, Export Computer Environment, Export CAST Bases with Management Base, Knowledge Base, Central base and CAST AAD/AED Folder.
  • Screenshot of  ED showing the error
  • SAML version being used
  • SAML system being used (ADFS, non-ADFS, specific vendor, specific version)
  • restapi.log with SAML tracing turned on.   (For SAML tracing, edit the log4j2.xml file similarly to LDAP but uncomment the section for SAML logging - CAST Dashboard Package - Configuring the Log and Audit Trail)
  • HTTP request logging between the browser and the web application server 
    • Install the following tool https://www.telerik.com/fiddler
    • Open the tool and click on tools > Options...
    • Click on HTTPS then check "capture HTTPS CONNECTs" and "Decrypt HTTPS traffic" and finally click on "OK"
    • Reproduce the issue of redirection
    • Click on File  > Save > ALL Sessions:


      5. Save the file then provide it with the other information above.
Notes/comments

Ticket # 16985

Related Pages