SAP Knowledge Base Article - Public

2238747 - [SSO] How to clean up the "loginMethod" cookie in various browser?

Symptom

  • Users are unable to login in the instance through the SSO;
  • Users aren't being authenticated automatically in the system;
  • Users aren't being directed to the SSO Vendor's login page.
  • Users are getting another page as homepage instead the common one.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Access the SSO URL via browser;
  2. Instead reach the system automatically or get the SSO Vendor's login page, the user is directed to the SuccessFactors common login page.

Cause

The 'loginMethod' cookie may be still storing your loginMethod as "PWD" in the browser.

Resolution

Cleaning up the cookie will likely fix this behavior should you've been experiencing it.

To do that, please go through the below steps for each browser accordingly:

  • Clean up loginMethod cookie in IE
  1. Go to SF domain in IE;
  2. Click on the "Tools" button then in the "F12" to access the Developer Console;
  3. Click Cache > View cookie information;
  4. If there is loginMethodCookieKey cookie, then click Cache > Clean cookies for domain. 
  5. Click Cache > View cookie information, and make sure there is no loginMethodCookieKey cookie there.
  6. Login.

Also, it's important to clean the pages caching. To do that, go through the following steps:

  1. Navigate to SF domain then click on IE browser;
  2. Make sure the checkboxes "Cookies" and "Website data" was checked then click “Delete”;
  • Important: select the other check-boxes carefully, such as “Passwords”,you have to input your credential again once deleted when access some website next time.
  • Clean up loginMethod cookie in Chrome
    • Go to SF domain in IE;
    • Click the "Tools" button > Select "More Tools" > Select "Developer tools";
    • Check the Cookies section;
    • Clean up the "loginMethod" cookie.

  • Clean up loginMethod cookie in FireFox:
    • Navigate to SF domain and click on fireFox browser;
    • Click “History”, then click “Clear recent history”;
    • Select the time and make sure “cookies ” is checked, the click “Clear now".

Important: take care of unmarking the "Password" checkbox, otherwise all the passwords saved on browser will be cleaned up as well.

-----------------------------------------------------------

Question and answers section:

  • Question: Do SF support it if the customer has mixed login scenario, i.e PWD user and SSO user try to login on the same computer?
    • Answer: We doesn't support the above scenario officially.
    • The workaround for the above issue is:
      • i. Clean up the loginMethod as described in the attached document.
      • ii. Somehow the cookie can't be cleaned up sometimes. Add "loginMethod=SSO" parameter to the SSO user login request.

  • Question: Does including loginMethod in the URL do anything anymore?
    • Answer: BizX fetch loginMethod from request at first. Once the system gets it from request, the system will ignore cookie and login_method value in user_account and user_sysinfo table.

  • Question: If it does, are there certain URL's it works with and others that it don't. In the past it seemed that using a ULR with /login in it respected the parameter but /sf/... URL's did not. How about URL's with /home or /sf/home or /start etc?
    • Answer: It works for all URLs now as SF fixed the related legacy bugs in b1508.

  • Question: Once the loginMethod cookie is set after logging in OK with either SSO or PWD are there URL's that can override the cookie?
    • Answer 1) The use case for this is if a customer flips a user from PWD to SSO or SSO to PWD. We would like to tell them to use some specific URL rather than forcing them to clear cookies.
      • For the user from SSO to PWD case, the cookie will be overwritten to PWD once successfully login.
      • For the user from PWD to SSO case:
        • If it is non-SAML SSO protocol, such as token, the cookie will be overwritten to “SSO” once the user successfully login. 
        • )If it is SMAL protocol, we cannot add loginMethod to the request. It need clean up the cookie before login.
    • Answer 2) Another use case is the initial login for any user when they don't have a cookie set. That leads back to the initial questions about the URL and parameters. Right now we have users go to the generic login screen if they are PWD and the deep links default to SSO.The system will ignore login_method value in user_account and users_sysinfo tables if there is loginMethod= in the URL.

See Also

2088628 - Start Page feature | How to chose a personal Start Page for you

Keywords

loginMethod, loginMethod cookie, cookie, SSO, PWD, browser history, browser cookie, cache. , KBA , LOD-SF-PLT-SSO , Single Sign-on , Problem

Product

SAP SuccessFactors HXM Suite all versions

Attachments

Clean up loginMethod cookie in IE 1.1.docx