Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth an org fails for orgs where SSO enabled generally but not for specified user #1092

Closed
lnholmes opened this issue Jul 26, 2021 · 2 comments
Labels
investigating We're actively investigating this issue

Comments

@lnholmes
Copy link

Summary

When an org has implemented SSO login for some users but authentication must occur as a non-SSO user, the browser opens to allow sign in, but redirects to SSO login page.

Steps To Reproduce:

  1. Configure Single Sign-On settings in Setup
    1. Disable login with Salesforce credentials = true
    2. SAML enabled = true
    3. Add SSO provider to SAML Single Sign-On Settings
  2. Create a user with a System Administrator profile, and set Is Single Sign-On = false for the Sys Admin profile
  3. Enter command sfdx force:auth:web:login --setalias alias --instanceurl https://customdomain.lightning.force.com?login --setdefaultusername

Expected result

Show Salesforce login page

Actual result

IF browser was already opened and user was already signed in, a new browser tab opens to the already-logged in org and user. The "auth an org" operation in VS Code continues to spin and never receives the message that sign-in was completed.

IF user was not signed in already in browser, a new browser tab opens and redirects to the SSO login page

System Information

sfdx-cli/7.94.3-a4e7c7955b win32-x64 node-v14.15.4

@lnholmes lnholmes added the investigating We're actively investigating this issue label Jul 26, 2021
@github-actions
Copy link

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

@cristiand391
Copy link
Member

Sorry for the late reply, cleaning up old issues.

the login web command gets the URL from the oauth endpoint:
https://github.com/jsforce/jsforce/blob/588c6cf986650fb68f9b41314d5c48a9a5c5d478/src/oauth2.ts#L129

then it opens it in the browser, redirect happens and you get the login page (from the Location header from the first request).

I don't see any param we could send to force it to redirect to the standard login page so I don't see CLI supporting this out out the box.

@cristiand391 cristiand391 closed this as not planned Won't fix, can't repro, duplicate, stale Dec 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
investigating We're actively investigating this issue
Projects
None yet
Development

No branches or pull requests

2 participants