Page 1 of 1

web-ca not working for SSO

Posted: Thu Jan 20, 2022 9:13 am
by lkinley
James wrote in Feedback forum:
Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this, however it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>
I am not having any luck in getting this to work. I've tried both the web-ca command in the config file and using the inline file syntax (which appears to translate this into a web-ca command and creates a file for the CA certificate.)

I see the web-ca command in the Advanced tab, so I know it is part of the config.

However, when initiating a connection the login page comes up with NET::ERR_CERT_AUTHORITY_INVALID

Re: web-ca not working for SSO

Posted: Thu Jan 20, 2022 9:18 am
by Eric
Hi Ikinley,

I'm afraid this isn't supported on Windows yet for SSO due to a limitation in the Windows web APIs. We're hoping to see support in 1.10.2 either with a work around on our end or official support from Microsoft in the APIs, please keep an eye on the betas - https://sparklabs.com/support/kb/articl ... -versions/

In the mean time, adding the web-ca to the user/machine certificate store will prevent the invalid certificate error for SSO.

Regards,
Eric

Re: web-ca not working for SSO

Posted: Thu Jan 20, 2022 9:39 am
by lkinley
Thanks for the quick response! I will monitor the betas.
Does this feature work on MacOS without issue then?

Re: web-ca not working for SSO

Posted: Thu Jan 20, 2022 12:16 pm
by Eric
Hi Ikinley,

macOS supports web-ca with no known issues.

Regards,
Eric