IIQ 8.3 UI cache issue with SAML SSO enabled

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

Version 8.3

Please share any other relevant files that may be required (for example, logs).

IIQ-quicklink1.PNG
IIQ-quicklink1.PNG1046×179 8.08 KB

Share all details related to your problem, including any error messages you may have received.

Hi Team,

We have recently changed our Login Configuration to use the SSO Configuration (SAML). Since changing we are seeing a new transient issue where upon users authenticating back to IIQ the UI sometimes presents labels wrong (this does not happen everytime)

See screenshot for illustration of the issue present.

To remediate you can:

  1. Open browsing data and clear cached images and files
  2. Or after waiting for around 3-5 minutes and then navigating to a different page, the issue resolves itself
  3. The issue is never present when using incognito

The above seems to point to a cache issue caused by SSO or another contributing factor. We previously had MFA configuration setup and were never presented with the above issue.

Any help with this would greatly be appreciated.

Lewis

2

I have seen this before, but a Ctrl+F5 refresh always fixed it.

I wonder if IIQ is navigating users to a page where it loads the sp-translate message bundles before SSO authenticates them, or possibly before their locale is set. Some kind of a race condition.

If this is reproducible, maybe open the browser’s developer console and see if the following sort of request is present and failing:

GET https://iiq.yourdomain.com/identityiq/ui/rest/messageCatalog?bdd0ed4de58-20230919-192552=&lang=en-us

Specifically, you’re looking for messageCatalog in the URL with an unsuccessful (or empty) return value.

3

Hi Devin,

Thanks for the response. I have taken a look at the HAR file with the issue present and i can see exactly that.

i.e…

 "_priority": "High",
        "_resourceType": "xhr",
        "cache": {},
        "pageref": "page_2",
        "request": {
          "method": "GET",
          "url": "https://iiq.mylocal.com/ui/rest/messageCatalog?482e85d988b-20220829-142216&lang=en-gb",
          "httpVersion": "http/2.0",
          "headers": [],
          "queryString": [
            {
              "name": "482e85d988b-20220829-142216",
              "value": ""
            },
            {
              "name": "lang",
              "value": "en-gb"
            }
          ],
          "cookies": [<Removed>],
          "headersSize": -1,
          "bodySize": 0
        },
        "response": {
          "status": 302,
          "statusText": "",
          "httpVersion": "http/2.0",
          "headers": [
            {
              "name": "cache-control",
              "value": "max-age=600,public"
            },
            {
              "name": "content-length",
              "value": "0"
            },
            {
              "name": "date",
              "value": "Wed, 27 Dec 2023 09:36:36 GMT"
            },
            {
              "name": "location",
              "value": "/ui/500.jsf"
            },
            {
              "name": "pragma",
              "value": "null"
            }
          ],
          "cookies": [],
          "content": {
            "size": 0,
            "mimeType": "x-unknown"
          },
          "redirectURL": "/ui/500.jsf",
          "headersSize": -1,
          "bodySize": 0,
          "_transferSize": 0,
          "_error": null
        },

Do you have any idea what could be causing this? or any idea how we can potentially remediate?

Thanks,
Lewis

4

Hi @lewist, Ideally you should be getting HTTP 200 OK message when the below url is being hit

https://iiq.mylocal.com/ui/rest/messageCatalog?482e85d988b-20220829-142216&lang=en-gb

Are you seeing any errors in the response when you enabled the preserve logs in browsers developer console ?

is it specific to any particular browser ?

5

Hi @vinnysail

Yes compared to a HAR file without the issue we get a HTTP 200 OK message and the returned content.

I can definitely see that the data required to render the labels is present when its successfully returned. Also, when we do have the issue which resolves itself after 3-5 minutes you can then clearly see the change in the response and the labels updated. We are still very much trying to identify the cause, this only has happened since we enabled SSO and was not present when we had MFA only.

We can confirm that this issue occurs in other browsers and is still very transient in when it occurs. (2 - 3 day frequency give or take)

Any indication where best to focus our efforts investigating this would greatly be appreciated.

Thanks
Lewis

6

Are you using the SAML based SSO or Rule based SSO ?
We do have the saml based SSO and we have not got this issue.

7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.