1- Is it possible to make the Primary Authentication flow ( /authn ) work in a multi-tenant setup?
2- What are the required configurations needed to make the /authn requests work against a Tenant?
3- Does the Delegated Authentication configuration is required to make /authn request work?
-
Problem:
-
The Primary Authentication Flow works against the Tenant A, but we haven’t find a way to exchange the sessionToken from Tenant A for an accessToken in Tenant B.
-
The Primary Authentication Flow does not work against Tenant B. The following error is returned (we’ve made sure valid username and password credentials are provided).
- “errorCode”: “E0000004”,
“errorSummary”: “Authentication failed”
- “errorCode”: “E0000004”,
-
The authorization code flow works against the Tenant B, where the authorization server is setup, but the Primary Authentication flow does not.
-
-
We have the following setup:
-
Tenant A
- Has the Org2Org connector to provision users into tenant B
- Has the AD setup
- Works as IdP
-
Tenant B
- Has Tenant A configured as IdP
- Has routing rules for user authentication into Tenant A
- Has the custom authorization server setup where clients and users can provision access tokens from.
-