There may be a scenario where you have configured SSO with MultiGroupSupport and all the configuration is correct and still you are seeing Authorization error on the Web UI Page.
The authorization error is case of Multi Group support can be basically of below 2 reasons:
- Either application.properties is not correct.
- There is a different groupNameDelimter value.
For application.properties, you need to make sure that you are making below changes:
- user.super_admin has the name of correct group which you want to have as a super admin. In case you have multiple groups you need to make sure that you are using ;; to distinguish different groups.
- update_super_admin_group needs to be set to true.
- default_group= needs to be kept as blank.
- In applicationContext-Security.xml in epheSamlFilter <constructor-arg index=”2″ value=”false”/> should be false.
If above doesn’t resolve the issue then you need to make sure what groupNameDelimiter you are getting from your Identity Provided. In case of ADFS we receive , (comma) as a delimiter. We need to make sure that correct value exist in web.xml. You can observe security_group table in ephesoft database and observe what groups entries are getting added.