Issue: Problems using an external IDP

Login fails

Redirect URIs

The login might fail if, for example, the redirect URI is wrong. For more information, see Add redirect URIs for the web clients.

No Claims or claims not added to roles

If external IDP users do not have claims defined for them that can be used by the XProtect VMS or if claims have not been added to roles in the XProtect VMS, a log-in with one of the clients will fail even if the external IDP user has been successfully authenticated by the external IDP.

It is still possible, though, for external IDP users to access the XProtect VMS even if the external IDP users do not have claims defined for them. In this case, the XProtect VMS administrator must manually add the external IDP users to one or more roles after the external IDP users' initial log in.

The authentication option is not available in the login dialog box

If you enter an incorrect computer address in the log-in dialog box in a client, the client doesn’t get an answer to the API call. The API call is made when the client is started and whenever the address is changed and it queries which authentication options the XProtect VMS installation supports.

If the client doesn't get an answer to the API call when the client is started, the client defaults back to listing the standard authentication options.

Claims cannot be selected on the roles

Claims that you want to use on roles must be added to the IDP configuration before they can be selected in the roles. The claims can be added on the External IDP tab in the Options dialog box: External IDP tab (options). If a claim is not added tothe IDP configuration, you will not be able select the claim in the roles.