SAML: Not able to login if the user is already logged in on another application in the browser

[vishesh92]

ISSUE TYPE

• Enhancement Request

COMPONENT NAME

SAML

CLOUDSTACK VERSION

All versions with SAML support

CONFIGURATION

Setup SAML with Azure AD

OS / ENVIRONMENT

SUMMARY

The authentication works but if I open the UI on a Browser which was already used by another application to authenticate against Azure AD I get an error message
https://learn.microsoft.com/en-us/troubleshoot/azure/entra/entra-id/app-integration/error-code-aadsts75011-auth-method-mismatch

As per the document above, we need to set the value for forceAuthn to true. The value is hardcoded as false as of now.

cloudstack/plugins/user-authenticators/saml2/src/main/java/org/apache/cloudstack/saml/SAMLUtils.java

Line 193 in 1d37ff2

authnRequest.setForceAuthn(false);

Another error is that during login, org name being displayed in the UI is same as the URL. The actual value should be same as the value set for saml2.org.name global setting.

EXPECTED RESULTS

Login should work

ACTUAL RESULTS

Login fails with an error

[rohityadavcloud]

Fixed by #9756 (review)