Custom policies getting mixed together #51

Open
ghost opened this issue May 22, 2019 · 2 comments

ghost commented May 22, 2019

I have two custom policies (six total files) that are very similar. They both allow sign-in through two of three ADFS servers I have set up. One server is shared by each policy and each policy also has its own server. For the unique ADFS servers, they each have a different technical profile: policy1-SAML and policy2-SAML. For the shared server, each policy has its own technical profile but both technical profiles have the same name, e.g. SharedProfile, although the ClaimsExchange referencing the technical profile has a different name, e.g.

Policy 1:
<ClaimsExchange Id="policy1Exchange" TechnicalProfileReferenceId="SharedProfile"/>

Policy 2:
<ClaimsExchange Id="policy2Exchange" TechnicalProfileReferenceId="SharedProfile"/>

If I sign in to policy 1 using the policy1Exchange, then open policy 2 and sign in using the policy2Exchange, policy 2 crashes after being unable to find the claims exchange from the other policy.

{
  "Kind": "FatalException",
  "Content": {
    "Time": "4:22 PM",
    "Exception": {
      "Kind": "Handled",
      "HResult": "80131509",
      "Message": "Claims exchange with id 'policy1Exchange' could not be found in orchestration step '2' and the step contains more than one claims exchange.",
      "Data": {}
    }
  }
}

I was able to fix this by renaming the technical profile inside policy 2 which now has

<ClaimsExchange Id="policy2Exchange" TechnicalProfileReferenceId="Policy2SharedProfile"/>

I wouldn't expect two policies that aren't related to get their technical profiles mixed together like this.
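A check for the naming overlap described in the report above, as an added example that is not part of the original issue or the project's code: it groups policy files into inheritance chains through BasePolicy and lists TechnicalProfile Ids that are defined in more than one chain. The policy ids, the LocalBase and OtherBase profile names, the sample XML and the make_policy helper are constructed for illustration; only the TrustFrameworkPolicy element layout is assumed from the custom policy schema.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Namespace used by Azure AD B2C custom policy (TrustFrameworkPolicy) files.
NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}

def parse_policy(xml_text):
    """Return (policy id, base policy id or None, TechnicalProfile Ids defined in the file)."""
    root = ET.fromstring(xml_text)
    base = root.find("tf:BasePolicy/tf:PolicyId", NS)
    base_id = (base.text or "").strip() or None if base is not None else None
    profiles = {tp.get("Id") for tp in root.iterfind(".//tf:TechnicalProfile", NS)}
    return root.get("PolicyId"), base_id, profiles

def shared_profile_ids(policy_xmls):
    """Map each TechnicalProfile Id defined in more than one inheritance chain to the chain roots."""
    parsed = [parse_policy(x) for x in policy_xmls]
    parent = {pid: base for pid, base, _ in parsed}

    def chain_root(pid):
        seen = set()
        while parent.get(pid) and pid not in seen:  # stop at the top of the chain or on a cycle
            seen.add(pid)
            pid = parent[pid]
        return pid

    owners = defaultdict(set)
    for pid, _, profiles in parsed:
        for tp_id in profiles:  # an override inside one chain maps to a single root
            owners[tp_id].add(chain_root(pid))
    return {tp: sorted(roots) for tp, roots in owners.items() if len(roots) > 1}

def make_policy(pid, base, profile_ids):  # hypothetical helper: builds a minimal constructed policy
    base_xml = f"<BasePolicy><PolicyId>{base}</PolicyId></BasePolicy>" if base else ""
    tps = "".join(f'<TechnicalProfile Id="{p}"/>' for p in profile_ids)
    return (f'<TrustFrameworkPolicy xmlns="{NS["tf"]}" PolicyId="{pid}">{base_xml}'
            f"<ClaimsProviders><ClaimsProvider><TechnicalProfiles>{tps}"
            "</TechnicalProfiles></ClaimsProvider></ClaimsProviders></TrustFrameworkPolicy>")

# Constructed sample: two unrelated chains that both define SharedProfile.
SAMPLE = [
    make_policy("B2C_1A_P1_Base", None, ["LocalBase"]),
    make_policy("B2C_1A_P1_SignIn", "B2C_1A_P1_Base", ["LocalBase", "policy1-SAML", "SharedProfile"]),
    make_policy("B2C_1A_P2_Base", None, ["OtherBase"]),
    make_policy("B2C_1A_P2_SignIn", "B2C_1A_P2_Base", ["policy2-SAML", "SharedProfile"]),
]

if __name__ == "__main__":
    print(shared_profile_ids(SAMPLE))
```

Run against the real policy files by passing each file's text to shared_profile_ids; an Id that is only overridden within one base/extension chain is not reported.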

@xinaxu
Contributor

xinaxu commented May 29, 2019

This might be related to SSO, which tries to select the claims exchange that previously successfully logged you in.

@cranarma

Any update on this? I'm still experiencing the same issue when combining an HRD policy with an embedded password reset one.
I've tried renaming TechnicalProfile ids so there won't be name collisions, and moving the order of OrchestrationSteps as suggested on https://stackoverflow.com/a/67890379, but nothing seems to make it work.
