web-ca not working for SSO

Got a problem with Viscosity or need help? Ask here!

lkinley

Posts: 11
Joined: Thu Jan 06, 2022 5:36 am

Post by lkinley » Thu Jan 20, 2022 9:13 am
James wrote in Feedback forum:
Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this, however it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>
I am not having any luck in getting this to work. I've tried both the web-ca command in the config file and using the inline file syntax (which appears to translate this into a web-ca command and creates a file for the CA certificate.)

I see the web-ca command in the Advanced tab, so I know it is part of the config.

However, when initiating a connection the login page comes up with NET::ERR_CERT_AUTHORITY_INVALID

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Jan 20, 2022 9:18 am
Hi Ikinley,

I'm afraid this isn't supported on Windows yet for SSO due to a limitation in the Windows web APIs. We're hoping to see support in 1.10.2 either with a work around on our end or official support from Microsoft in the APIs, please keep an eye on the betas - https://sparklabs.com/support/kb/articl ... -versions/

In the mean time, adding the web-ca to the user/machine certificate store will prevent the invalid certificate error for SSO.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

lkinley

Posts: 11
Joined: Thu Jan 06, 2022 5:36 am

Post by lkinley » Thu Jan 20, 2022 9:39 am
Thanks for the quick response! I will monitor the betas.
Does this feature work on MacOS without issue then?

Eric

User avatar
Posts: 1146
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Thu Jan 20, 2022 12:16 pm
Hi Ikinley,

macOS supports web-ca with no known issues.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
4 posts Page 1 of 1