After working with support for a few days we verified that SSO does not work on a fail over Cluster. Resulting in accounts being locked out or needing the local prtg accounts to gain access. The SSO functionality works great on our core servers that are in standalone and on the primary servers. When it goes to failover unfortunately the callback URI are made blank resulting in no SSO access. If we can be given an option to either not having those callbacks deleted or combining the callback of the primary and failover would be very helpful. The other function I would like to see is when setting those callbacks having the option of picking the auto generated URI and a custom URL. That way we can setup a custom link that is easy to remember for our users instead of having to remember the FQDN of the servers allowing any login to accept the SSO.
Article Comments
Hey Sebastian,
AD Authentication works on failover. If SSO doesnt then you have to resort to an additional form of authentication which defeats the purpose of even configuring it.
Thanks,
Mar, 2022 - Permalink
Hi Michael,
Thank you very much for your contribution.
The described behavior is by design, hence it is expected that SSO on a failover cluster is not working as you expecting it to be. Please refer to the Notes of the manual:
"SSO users cannot log on to a failover node in a cluster."
Best,
Sebastian
Mar, 2022 - Permalink