06 Jun 2006
28 Sep 2012
Link to this post
We have a site that is integrated into SSO with Salesforce setup as the following:
1) The user clicks on a login link on a page
3) They are then redirected to a Salesforce login page
4) Once the user successfully logs in, they are redirected back to our site.
5) Once on our site, we authenticate the Saml post from them and proceed to log them in
6) Based on the post to our server, we know the username, using that and password for the account, we use SecurityManager.AuthenticateUser(myUserManager.Provider.Name, myCreatedUser.UserName, sPassword, true, out myAuthenticatedUser) to authenticate the user.
7) If authenticated, we execute FormsAuthentication.SetAuthCookie(sUsername, true);
8) We then redirect the user back to the page they were on based on the url set in the cookie.
The problem, that appears to occur randomly, is when the user is redirected back to the page they were on, the login button sometimes still appears as if they are not authenticated on the site. I can go to other pages and most of the page will show up fine as if he has been authenticated. When I go back to the original page it normally shows me as not being logged in even if I've been to other pages that show me as being logged in. I've tried changing the FormsAuthentication to not set a persistant cookie, that has not helped. We have tried to create a custom logout to clear the session and cookies which does not seem to have helped. It is not always easy to replicate this problem.
What could be causing this problem and how can we resolve it?