Authentication using SAML and OKTA through SSO service of Bluemix is going into a loop


We have built a Node.js application hosted on Bluemix. It is using the single sign-on (SSO) service of Bluemix. It is using SAML (as identity provider) with OKTA. The login page comes up and the valid id/password is also authenticated properly, but after that it does not go to the next page. Instead it falls into a redirection loop (the loop is moving between the 'part of the location tag value in element of the SAML 2.0 Service Provider metadata file' and the 'location tag value in element of the SAML 2.0 Identity Provider metadata file').

It is moving between 'https://enterprisesso-xnx0aiexli-cl12.iam.ibmcloud.com/idaas/oidc/endpoint/default/authorize?response_type=code&client_id=Z9lhrzrZHy&redirect_uri=http%3A%2F%2FTestEnterpriseSSO.mybluemix.net%2Fauth%2Fsso%2Fcallback&scope=openid%20openid' and 'https://dev-145646.oktapreview.com/app/ibmindiapvtltddev145646_mytestlogin_1/exk8zl2nzy1jf7upz0h7/sso/saml'

Node.js code snippet (in addition, we have all the related code for using SSO, which is copy-pasted from the Bluemix docs):

app.post('/auth/sso/callback', function(req, res, next) {
    var redirect_url = req.session.originalUrl;
    if (!redirect_url) {
        redirect_url = '/';
        console.log('redirect_url1' + redirect_url);
    }
    passport.authenticate('openidconnect', {
        successRedirect: redirect_url,
        failureRedirect: '/failure',
    })(req, res, next);
    console.log('redirect_url2' + redirect_url);
});

Console logs are printing okay.

There is 1 answer

Jenny Totterdell

This really cannot be answered without a more in-depth review. Please could you open a ticket via the Bluemix support portal, so that we can collect all the information and, if necessary, involve our DevOps team.