SSO with UserVoice

  • Question

  • Hi Everyone,

    I configured both AAD and uservoice.com to get SSO enabled, by following the provided resources (http://social.technet.microsoft.com/wiki/contents/articles/26041.tutorial-azure-ad-integration-with-uservoice.aspx). Everything seemed to work, but I got errors at login in both cases below:

    - From http://myapps.microsoft.com : after clicking on UserVoice logo, IE is redirected to https://*.uservoice.com/saml/consume, which of course is not accepted

    - From my uservoice tenant url (http://corpdemo.uservoice.com), after clicking on Login link, IE opened a new page at this URL (https://login.windows.net/c047b395-62a0-4c4f-8902-754fea4922a7/saml2?return=%2Flogin_success&uv_login=1&uv_size=popup&uv_ssl=1) but it displayed a connection error "Correlation ID: (...) Timestamp: (...) AADSTS75005: The request is not a valid Saml2 protocol message.".


    Any idea about my issue?

    Jean-Luc

    Tuesday, September 30, 2014 9:02 AM

Answers

  • This should be a setup issue in UserVoice Portal. Once you reach the tenant specific page on UserVoice, you are supposed to be redirected to login.windows.net for SSO.

    My email address is erilai@Microsoft.com. Please send me a screen shot of your setup page on UserVoice Portal.

    Wednesday, October 8, 2014 9:46 PM

All replies

  • Hi,
     Thanks for posting.
     We are currently investigating this issue to find out if it's from our end, and it might take some time. If the issue is impacting your production, I would recommend you create a support request (http://azure.microsoft.com/en-us/support/options/) so that a technician can work with you on this issue for faster resolution.
    Regards,
    Nithin.Rathnakar
    Tuesday, September 30, 2014 3:39 PM

  • Hi Jean,

    Sorry to hear that you have trouble getting SSO to work. When you set up SSO on the Azure side, you should be asked to provide a Sign In URL. Please make sure you input: http://corpdemo.uservoice.com. It should resolve the issue for your redirection in http://myapps.microsoft.com. Regarding your second issue, we will continue to investigate.

    Tuesday, September 30, 2014 5:31 PM
  • @Nithin: it is not production, it is for a public event so I would prefer it working :)

    @Eric: thanks for your investigation. I tried your suggestion, but neither reconfiguring the sign in URL nor full removal and reconfiguration of the uservoice app from AD has resolved the issue.
    Note that I got same issues on Windows 7 / Windows 8.1 and IE 11 or FF 32.0.2. I tried also a different user from same AAD but got same results. I have configured SSO for zendesk.com app as per provided technet wiki with same AAD and users, but I still have the same issues (from myapps.microsoft.com redirection is done toward "https://*.zendesk.com/access/saml", and from zendesk.com I got "AADSTS75005: The request is not a valid Saml2 protocol message").
    Tested users are part of O365 directory, so from myapps.microsoft.com they have Exchange & SharePoint online logos and these work fine.

    Tuesday, September 30, 2014 7:32 PM
  • Hi Jean,

    I think we have two issues here:

    1) Redirection is incorrect - I have identified the problem. The related fix should be rolled out by end of day Oct 01 at the latest.

    2) AADSTS75005 Error - This may be related to the first issue. I will have a better idea once we get over the first issue and investigate.

    Wednesday, October 1, 2014 1:07 AM
  • Issue #1 should be resolved by now. Please let me know if you still experience any difficulty on that front.
    Wednesday, October 1, 2014 8:38 PM
  • Thanks Eric for the update.

    About issue #1, the good news is that redirection is now working: the user is redirected to the correct tenant page at uservoice.com. However, the bad news is that the user is not authenticated on the uservoice side; the web page still provides the "login" link, and I was expecting to be automatically authenticated through SSO.

    About issue #2, I still got same behavior.

    Wednesday, October 1, 2014 8:52 PM
  • I am glad to know that one of the issues is resolved.

    Regarding the login link that you received, this is because the particular user is not already logged in to Azure Active Directory. I will notify my coworkers in the related team to respond to that.

    Wednesday, October 1, 2014 11:44 PM
  • Jean,

    Once you click the "login link" you hit issue #2 (i.e. "Correlation ID: (...) Timestamp: (...) AADSTS75005: The request is not a valid Saml2 protocol message.").

    Is this correct?

     


    Y Pereira

    Thursday, October 2, 2014 6:17 PM
  • I am not sure I understand your comment "user is not already login to Azure Active Directory". The scenario is: the user goes to myapps.microsoft.com, then he logs in using his AAD credentials, then he gets the myapps page with logos. When he clicks on uservoice, he is (correctly now) redirected to the uservoice tenant, but uservoice does not consider him authenticated; that is why there is the "login" link on the uservoice tenant page.

    Friday, October 3, 2014 7:24 AM
  • Correct. This is the "login" link which is displayed on the uservoice tenant page, although the user was already authenticated when going to myapps.microsoft.com
    Friday, October 3, 2014 7:25 AM
  • Thank you very much for the information Jean.

    If redirection stopped at the UserVoice tenant page, this is a setup issue in the UserVoice tenant. What is supposed to happen is that when a user logs in to myapps.microsoft.com, the user will be redirected to the UserVoice tenant page. With a proper setup, UserVoice should redirect the user again to https://login.windows.net/c047b395-62a0-4c4f-8902-754fea4922a7/saml2 for SSO. I believe you have this piece working based on your post on Sept 30.

    At this point, I would refer you back to http://social.technet.microsoft.com/wiki/contents/articles/26041.tutorial-azure-ad-integration-with-uservoice.aspx, in particular steps 6-10 for Configuring Single Sign-On.

    Friday, October 3, 2014 6:02 PM
  • I have applied properly all steps described in the wiki, however after user is authenticated and logged on myapps, he is not recognized as authenticated by uservoice after clicking on uservoice logo. I have configured and added zendesk to the user but the behaviour is same, which probably means that it is not related to sites implementation.

    So currently, my best assumption is that there is an issue with SSO/SAML transmission; that is why I got issue #2 and its related error message, and I think issue #1 is similar but I just don't get the error message because the authentication window does not pop up (and should not, as the user is supposed to be already authenticated).

    You previously raised that "user is not already login to Azure Active Directory", so I have reconfigured uservoice SSO and associated it to another user from another AAD with Azure co-admin right. Unfortunately, when clicking on uservoice logo (on myapps), IE is redirected to https://account.activedirectory.windowsazure.com/applications/corpdemo.uservoice.com with 404 error.

    Tuesday, October 7, 2014 7:43 PM
  • Hi Jean,

    While I continue looking at this issue, I would like to confirm with you that when you set up SSO, you input the full URL for Sign In URL: "https://corpdemo.uservoice.com", NOT just "corpdemo.uservoice.com".

    Tuesday, October 7, 2014 9:36 PM
  • Sorry in my last test (404 error) I forgot to add https prefix. After fixing it, the behavior is now consistent with issues #1 and #2.
    Tuesday, October 7, 2014 10:41 PM
  • Hi Jean,

    My understanding now is that you are able to log in to Access Panel (myapps.microsoft.com) and redirect to the UserVoice login page (https://corpdemo.uservoice.com). Are you still experiencing issues?

    Wednesday, October 8, 2014 6:34 PM
  • Hi Eric,

    Current status is that I am able to login to Access Panel (this has always worked fine), and redirect to uservoice login page works also. Issue (#1) remains that uservoice login page asks for credentials, and I expected to be authenticated as I configured SSO at both AAD & uservoice sides.


    Wednesday, October 8, 2014 8:22 PM
  • This should be a setup issue in UserVoice Portal. Once you reach the tenant specific page on UserVoice, you are supposed to be redirected to login.windows.net for SSO.

    My email address is erilai@Microsoft.com. Please send me a screen shot of your setup page on UserVoice Portal.

    Wednesday, October 8, 2014 9:46 PM
  • Hi Eric,

    I have a very similar problem. I will send you a screen shot of my login.Windows.net page, including the URLs used.

    Friday, October 24, 2014 6:31 AM
  • Hi Eric.

    Was this issue resolved? We are currently experiencing the same issue related to SAML message error.

    Tuesday, August 4, 2015 3:58 PM
  • Having same issue here.

    Additional technical information:
    Correlation ID: 91480952-7172-4da2-b4d5-b8caa05395a6
    Timestamp: 2015-09-03 16:36:38Z
    AADSTS75005: The request is not a valid Saml2 protocol message.

    Thursday, September 3, 2015 4:37 PM
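
An added diagnostic, not code from this thread or from Microsoft or UserVoice: under the SAML 2.0 HTTP-Redirect binding, a service provider sends its AuthnRequest to the IdP endpoint as a `SAMLRequest` query parameter (raw DEFLATE, then base64). The check below applies that rule to the login URL quoted in the question, which carries no such parameter; the function names, the size cap and the sample request are assumptions of this example.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # assumed cap on inflated size for this check
# Login URL exactly as quoted in the question above.
QUESTION_URL = ("https://login.windows.net/c047b395-62a0-4c4f-8902-754fea4922a7/saml2"
                "?return=%2Flogin_success&uv_login=1&uv_size=popup&uv_ssl=1")

def check_redirect_binding(url):
    """Return (ok, detail) for a URL sent to an IdP endpoint via HTTP-Redirect."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "SAMLRequest" not in params:
        return False, "no SAMLRequest parameter; found: " + ", ".join(sorted(params))
    try:
        raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
        inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
        xml_bytes = inflater.decompress(raw, MAX_XML)
    except (ValueError, zlib.error) as exc:
        return False, f"SAMLRequest is not base64 of raw DEFLATE: {exc}"
    if inflater.unconsumed_tail or not inflater.eof:
        return False, "DEFLATE stream is truncated or exceeds MAX_XML"
    if b"<!DOCTYPE" in xml_bytes:
        return False, "DOCTYPE is not expected in a SAML message"
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return False, f"payload is not well-formed XML: {exc}"
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        return False, f"root element is {root.tag}, not samlp:AuthnRequest"
    missing = [a for a in ("ID", "Version", "IssueInstant") if a not in root.attrib]
    if missing:
        return False, "AuthnRequest lacks required attribute(s): " + ", ".join(missing)
    return True, "AuthnRequest ID=" + root.attrib["ID"]

def build_sample_url(endpoint):
    """Constructed sample: a minimal AuthnRequest encoded for HTTP-Redirect."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed-1" '
           'Version="2.0" IssueInstant="2014-09-30T09:00:00Z"/>').encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    payload = base64.b64encode(deflater.compress(xml) + deflater.flush())
    return endpoint + "?" + urlencode({"SAMLRequest": payload.decode()})

if __name__ == "__main__":
    endpoint = QUESTION_URL.split("?")[0]
    for url in (QUESTION_URL, build_sample_url(endpoint)):
        print(check_redirect_binding(url))
```

Running the same check on the URL captured from the browser's address bar or network trace shows which side produced the malformed request before the IdP setup is changed.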