Hello,
i just wanted to check in if the behaviour described below is normal, or if I need to check my installation/IdP. I would be very grateful for any leads on which Setting might fix this behaviour if so.
I just enabled SAML login supplementary to my existing LDAP login, and noticed that whenever I log in with SAML, i get asked to login again after the Browser is closed.
When logging in through LDAP with user/pass (the “remember me” box is checked) the session persists past Browser restarts.
I dont think my IdP (EntraID) is responsible for the login screen, since the Design and URL looks to be Zammad. Additionally, as soon as I click the SAML-Button, the authentication is greenlit immediately - no email or password required (unlike after a ‘full’ logout).
This leads me to conclude that there is some mechanism at play that prevents returning to the Session after the browser is closed when using SAML. Maybe whatever is behind that “remember me” box?
Thank you very much in advance!
Yours sincerely,
– ZeroOne
Infos:
- Used Zammad version: 6.5.2
- Used Zammad installation type: docker-compose
- Operating system: Ubuntu LTS 24.04
- Browser + version: Chrome 144.0.7559.60
Expected behavior:
- The User opens the Zammad Webpage and is asked to login
- The user clicks the SAML button and is redirected to the IdP Login → Success!
- The User is redirected to the User/Agent interface
- The User closes the Browser
- The User opens the Browser
- The User opens the Zammad Webpage and is redirected to the User/Agent interface since the session has not timed out
Actual behavior:
- The User opens the Zammad Webpage and is asked to login
- The user clicks the SAML button and is redirected to the IdP Login → Success!
- The User is redirected to the User/Agent interface
- The User closes the Browser
- The User opens the Browser
- The User opens the Zammad Webpage and is asked to login
Steps to reproduce the behavior:
- Login Using SAML
- Close Browser completely
- Open Zammad again