SSO users are unable to login to the Instance
Reproducing the Issue
Successfactors BizX Suite integrated with SSO (Single Sign On)
loginMethod cookie was set as PWD
1. Go to SF domain in IE
2. Click the Tools button , select F12 developer tool
3. Click Cache -> View cookie information
4. If there is loginMethodCookieKey cookie, then click (Cache->clean cookies for domain).
5. Click Cache -> View cookie information, and make sure there is not loginMethodCookieKey cookie.
For other versions IE browser, may try:
Navigate to SF domain, Click on IE browser.
Make sure the check-box was checked :Cookies and website data, then click “Delete”
Pls note: pls select other check-boxs carefully, such as “Passwords” ,you have to input your credential again once deleted when acces some website next time
Clean up loginMethod cookie in Chrome
Go to SF domain in IE
Click the Tools button, select more tools ->developer tools
Double check cookie
Clean up cookie if there is loginMethod cookie.
Click the lock icon on Chrome browser:
Click “Show cookies and site data” on the dialog ,another dialog will pop-up, then select the domain and view “Cookies” data.
After view the cookie data, click , and select “History and recent tabs”, then click “History”
Click “Clear browser data” button on the pop-up page:
Select “the beginning of the time” and make sure “Cookies and other site and plugin data” is checked, then click ”Clear browsing data”
Pls note: Select other check-boxes carefully, such as “Passwords”, you have to input your credential again once deleted when you access some website next time.
Clean up loginMethod cookie on FireFox:
Navigate to SF domain, click on fireFox browser:
Click “History”, then click “clear recent history”
Select the time and make sure “cookies ” is checked, the click “clear Now":
Pls note: Select other check-boxes carefully, such as “Passwords”,you have to input your credential once deleted when you access some website next time.
Please see attached document for more information.
Question : Do SF support If the customer has mixed login scenario, i.e PWD user and SSO uesr try to login on the same computer ?
Answer : We doesn't support the above scenario officially,
The workaround for the above issue is
i. Clean up the loginMethod as described in the attached document.
ii. Somehow the cookie can't be clean up sometimes, add "loginMethod=SSO" parameter to the SSO user login request
Question: Does including loginMethod= in the URL do anything anymore?
Answer: BizX fetch loginMethod from request at first. Once the system gets it from request, the system will ignore cookie and login_method value in user_account and user_sysinfo table.
Question:If it does, are there certain URL's it works with and others that don't. In the past it seemed that using a ULR with /login in it respected the parameter but /sf/... URL's did not. How about URL's with /home or /sf/home or /start etc?
Answer: It works for all URLs now as SF fixed the related legacy bugs in b1508.
Question: Once the loginMethod cookie is set after logging in OK with either SSO or PWD are there URL's that can override the cookie.
1. The use case for this is if a customer flips a user from PWD to SSO or SSO to PWD. We would like to tell them to use some specific URL rather than forcing them to clear cookies.
• For the user from SSO to PWD case, the cookie will be overwritten to PWD once successfully login.
• For the user from PWD to SSO case:
i)If it is non-SAML SSO protocol, such as token, the cookie will be overwritten to “SSO” once the user successfully login.
ii)If it is SMAL protocol, we cannot add loginMethod to the request. It need clean up the cookie before login.
2. Another use case is the initial login for any user when they don't have a cookie set. That leads back to the initial questions about the URL and parameters.
Right now we have users go to the generic login screen if they are PWD and the deep links default to SSO.The system will ignore login_method value in user_account and users_sysinfo tables if there is loginMethod= in the URL.
Loginmethod SSO Single Sign On , KBA , LOD-SF-PLT-SSO , Single Sign-on , Problem
|Clean up loginMethod cookie in IE 1.1.docx|