Single Sign-On Service › SSO Getting Started Guide › Enable Domain Users to Access Applications Without Reauthenticating › Set Callback and Authentication URLs › Configure the Proxy

Configure the Proxy

Configure the on-premise proxy to forward a header to the Credential Handler application.The header must be named ONPREM_AUTH_METHOD and contain the name of the authentication method for the target application, as defined in the tenant User Console. In this example, the header resembles the following:

ONPREM_AUTH_METHOD=Test123Auth

Troubleshooting Home Realm Detection

If issues occur, check the /opt/CA/secure-proxy/proxy-engine/logs/chsLogin.log file. Search for the following string:

"JSON parsing done, found default auth method; redirecting to URL"

Test the string by copying the URL into a browser window to see if the federated partnership works correctly.

If the string does not exist in the log file and the user is directed to the login page, verify the following configuration settings:

• The partnership uses the SAML 2.0 protocol
• The ONPREM_AUTH_METHOD header in the proxy specifies the name of the authentication method for the application exactly as it is specified in the User Console.
• The application definition in the User Console correctly specifies the authentication method in the ONPREM_AUTH_METHOD header.