I have a single DMA that is setup with 2FA authentication via a SAML Identify Provider. To prepare for the addition of a failover agent, we went ahead and created a virtual hostname that resolves to both the IP address of the current server, and the IP of a future failover DMA that has yet to be deployed.
When using Cube, one can use either the virtual hostname, or the hostname of the current DMA to access the system, and it will work fine to pop up with the external login security provider.
However, when accessing via a browser with HTML, it will only forward you on to the identify provider fs you use the virtual hostname, not if you use the primary agent hostname. If you use the primary agent hostname, it will return this error:
Is there any workaround or setting that can be changed so that the HMTL5 login can use either the virtual hostname or the actual hostname of the machine and still work?
For informational purposes, the SSL certificates were all setup with both virtual and regular hostnames as well as the agent IP address.
I had to dig around a but, but I found an example of how to configure multiple hostname in the spMetadata file here:
Hi Michael,
Can you check the below?
Assertion consumer service <URL> was not found.
-
Application: Web apps
-
Cause: The Assertion Consumer Service URL is spelled incorrectly or cannot be found in spMetadata.xml.
You can add multiple URLs in that spMetadata file, so it should be a matter of adding all the possible URLs in that file and then it should work.
Source: Troubleshooting SAML issues | DataMiner Docs
Bert