IIQ Login popup

We have set up SSO for our SailPoint IIQ environments. However, we do see an intermittent issue of a login pop up.

We did implement a few recommendations from SailPoint support to comment out the following BOLDED entry from web.xml:

<init-param>
<param-name>promptLoginUrl</param-name>
<param-value>/home.jsf</param-value>
**<!-- <param-value>/login.jsf?prompt=true</param-value> -->**
</init-param>
<init-param>
<param-name>promptMobileLoginUrl</param-name>
<param-value>/ui/index.jsf</param-value>
**<!-- <param-value>/ui/login.jsf?prompt=true</param-value> -->**
**</init-param>**

This has not helped us much.

Has anyone encountered such an issue, and what resolution was implemented?

@rabshrestha I think it’s an issue with the sticky session. If you are using a load balancer, based on the load, the LB moves the request from one server to another. If we haven’t configured the sticky session correctly, in those cases we mostly see the relogging issue.
Please let me know if that’s not the case for you.

Thanks,
Sam


Hi @rabshrestha ,

An intermittent SSO login pop-up in SailPoint IIQ often indicates session management issues, potentially related to browser cache/cookies, conflicting SSO settings (SAML vs. other types), or configuration mismatches, with common fixes involving clearing cache, checking order, or adding for newer browser cookie handling, but requires detailed logging to pinpoint the exact cause.

As mentioned by @soswain_resmed , it could be a sticky session issue as well.

Use a SAML tracer to validate the configuration (if SAML based configuration) or use Fiddler to check detailed logs for a session.

Common Causes:

  • Browser Cache/Cookies: Old session data can interfere.

    • Fix: Clear browser cache and cookies, then re-login.
  • Conflicting SSO Configurations: If multiple SSO methods (SAML, Rule-based) are active.

    • Fix: Check the attribute in to ensure SAML is prioritized correctly or disable unused authenticators.
  • SAML Configuration Issues: Mismatched Entity IDs, URLs, or certificates between IIQ and the Identity Provider (IdP).

    • Fix: Verify all SAML settings in IIQ’s Global Settings → Login Configuration against your IdP’s metadata.
  • Session Timeouts/Stale Sessions: A valid session might be treated as stale.

    • Fix: Review SailPoint’s release notes for specific fixes (e.g., background processing for approvals) or ensure proper SSO validation rules are set.

Next Steps for Troubleshooting:

  1. Enable Detailed Logging: Increase logging levels for SAML or SSO authentication in IIQ to capture detailed errors when the pop-up appears.

  2. Test in Incognito/Different Browser: Helps isolate if it’s a browser-specific issue.

  3. Check : Look for SSO-related settings or cookies configurations, suggest noIdpSameSiteNone.

  4. Review Release Notes: Check for known SSO or login-related fixes in your IIQ version.

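One way to test the sticky-session theory raised in this thread against a capture, as an added example (not part of any post above and not SailPoint code): it walks a HAR export from the browser or Fiddler and flags responses where the server replaced the session cookie or redirected to the login prompt. It assumes the app server appends a Tomcat-style `jvmRoute` suffix to `JSESSIONID` (for example `.node1`); the host, session IDs and node names in the sample are constructed.

```python
# Constructed HAR 1.2 fragment (not a real capture). Entry 1 shows a request
# that carried a node1 session and came back with a node2 session plus a
# redirect to the login prompt URL mentioned in the web.xml above.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://iiq.example.test/identityiq/home.jsf",
                 "cookies": [{"name": "JSESSIONID", "value": "AAA111.node1"}]},
     "response": {"status": 200, "redirectURL": "", "cookies": []}},
    {"request": {"url": "https://iiq.example.test/identityiq/home.jsf",
                 "cookies": [{"name": "JSESSIONID", "value": "AAA111.node1"}]},
     "response": {"status": 302,
                  "redirectURL": "/identityiq/login.jsf?prompt=true",
                  "cookies": [{"name": "JSESSIONID", "value": "BBB222.node2"}]}},
    {"request": {"url": "https://iiq.example.test/identityiq/login.jsf?prompt=true",
                 "cookies": [{"name": "JSESSIONID", "value": "BBB222.node2"}]},
     "response": {"status": 200, "redirectURL": "", "cookies": []}},
]}}

def _cookie(cookies, name="JSESSIONID"):
    """Return the value of the named cookie from a HAR cookie list, or None."""
    return next((c["value"] for c in cookies if c["name"] == name), None)

def _route(session_id):
    """Assumption: Tomcat jvmRoute suffix after the last '.', None if absent."""
    if session_id and "." in session_id:
        return session_id.rsplit(".", 1)[1]
    return None

def find_session_breaks(har, prompt_marker="login.jsf?prompt=true"):
    """Return (entry_index, kind, route_sent, route_issued) tuples."""
    findings = []
    for i, entry in enumerate(har["log"]["entries"]):
        sent = _cookie(entry["request"].get("cookies", []))
        issued = _cookie(entry["response"].get("cookies", []))
        if sent and issued and issued != sent:
            # Different route suffix: the request reached a node that did not
            # know the session. Same suffix (or no suffix configured): the
            # same node reissued it, e.g. after a timeout.
            changed = _route(sent) != _route(issued)
            kind = "node_changed" if changed else "session_reissued"
            findings.append((i, kind, _route(sent), _route(issued)))
        if prompt_marker in entry["response"].get("redirectURL", ""):
            findings.append((i, "login_prompt", _route(sent), _route(issued)))
    return findings

if __name__ == "__main__":
    for finding in find_session_breaks(SAMPLE_HAR):
        print(finding)
```

A `node_changed` finding on the same entry as a `login_prompt` finding points at load-balancer affinity; a `login_prompt` with no cookie change points elsewhere, such as the SSO or cookie settings listed above.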