TeamConnect External Links Cause 404 Errors (Deep Linking)
Problem Summary
Clients may have a need to link to a website's interior pages beyond the home page. Deep linking provides a method for efficiently directing a user to a context specific web page that may be several layers deep in a web site beyond the site's home page. For example, many TeamConnect clients will have links to records contained within notification emails.
When using Mitratech's SAML SSO implementation, a client may be directed to a 404 Error page on first attempt to navigate to a specific record's URL from outside of TeamConnect. After refreshing the page, the URL will direct the user to the intended page.
Cause
After navigating to the external URL from outside of TeamConnect, the SAML application redirect's the user to their IDP for authentication. After the authentication has been established by the IDP, the SAML application tries to redirect the user to an incorrect URL.
Resolution
A new property has been added to the AuthenticationDescriptor.properties file that corrects this issue. The new property is tc.ssoHostURL. In order to find the correct URL for this property, you will need to do the following;
- Open a web browser that has a network monitoring tool (Firefox or Chrome).
- Open the network monitoring tool and navigate to the client’s TeamConnect /Login page. (https://example.teamconnect.com/EXAMPLE_PROD/Login)
- Click on the POST request in the list of requests to view its details.
- Find the ‘Host’ request header and copy the URL. (Example: https://www.okta.com)
Once the Host URL has been found, you will need to update the AuthenticationDescriptor.properties file with the new tc.ssoHostURL property.
- Check out the AuthenticationDescriptor.properties file within TeamConnect’s Document section.
- This can be found by going to Documents -> Top Level -> System -> Authentication -> SAML -> Classes
- This can be found by going to Documents -> Top Level -> System -> Authentication -> SAML -> Classes
- Add the new tc.ssoHostURL property in the checked out file and set it equal to the Host URL found above. (Example: tc.ssoHostURL=https://www.okta.com)
- Check the AuthenticationDescriptor.properties file back into TeamConnect.
- Reload the Authentication Plugins in the Admin Settings.
- This can found by going to Admin -> Admin Settings -> Security and scrolling to the bottom of the page.
- This can found by going to Admin -> Admin Settings -> Security and scrolling to the bottom of the page.
Verification
Once the above steps have been taken, you can verify the issue is resolved by navigating to the same external link that was causing the 404 error previously and verifying that the link works on the first attempt.