Idea ID: 2871180

Single login-in request using SSO with ALM Client Launcher

Status : New Idea
1 month ago

Current situation:

When users access ALM -which is SSO enabled- using ALM Client Launcher, they have to type 2 times their credentials: first time the ALM credentials, second time the IdP credentials.
This is not the case when they connect to ALM using Internet Explorer. In that case, SSO authentication passes without having to type the credentials again.

Cause:

As per RnD confirmation, this is due to currently SSO authentication cookies cannot be passed across process boundary, since AlmClientLauncher.exe runs in its own process, thus it cannot access cookies in IE, this is by design now.

Benefits:

Avoiding double login is far more user friendly and supports the real idea of Single Sign On. Compared to the use of Internet Explorer, using ALM Client Launcher is a big step back in terms of SSO based authentication

Labels:

password
Test Management
  • First of all, please confirm whether the use case is like below,

    • User open IE and access the qcbin page, since the server is SSO then he/she needs to input the SSO user credential. When he/she sees the qcbin page and click the small rocket icon, the launcher is loaded and then access ALM server.

    If this is the case, and IE is the default browser, then the user doesn't need to type 2 times their credentials to start ALM Client Launcher. Please check whether IE is the default browser on the machine.