Hello all, We’ve just recently gone live with our implementation of Ethos which is using SSO to bring learners from our secure portal over to Ethos to access our courses. We started to get reports of learners getting an “Access Denied” error and we were able to finally replicate it. It seems that it happens when someone has already followed a link and connected to Ethos via SSO but then for some reason comes back to our portal and clicks the link again. When they try to SSO the second time they get an Ethos screen saying Access Denied. They can then click the Home button in Ethos and continue using it and they are logged in. It’s not a great experience though and we’re hoping that someone else has experienced this and may know how to rectify it. We’ve submitted a support request but haven’t been offered any feedback yet. Appreciate any and all help.
Our site has experienced the same issue. We have stopped using the SSO as a result because projects coming from our partner sites are expericing the access denied error and it imapacts the amount of people who complete our programs. I am currently trying to set up a meeting with my partners and Ethos Engineering but I don’t have a reason yet for why this happens.
Hello - we are also experiencing a similar issue with our SSO (perhaps?). The dev team at Ethos is looking into what is happening. Essentially, for us, people are trying to get to a course in a learning group and will get this unless they go to the learning group first and then the course in the learning group. They will also get stuck on a white screen prior to getting the access denied message even though they are logged in. The learners in one of our courses are super frustrated by this experience. I don’t think our hospital will allow us to not have the SSO, so I am hoping this can be fixed.
From our research on these use cases, it appears that the links used to access content are causing an SSO collision for users already logged in. If the links from the external site point to a login page, authenticated users (those who are already logged in) will get an access denied message because the login page is exclusively used for unauthenticated users.
The preferred approach for inbound links is to point directly to the course, and then EthosCE will manage the need for a login based on the user’s status.
- ethoscesite/saml_login?destination=test-course Not recommended.
- ethoscesite/test-course Recommended
If learners are not authenticated, they will be directed to login on the “Register Take Course” tab.
Thank you @Joel
We implemented the change you described and that does seem to have fixed the issue. We will be monitoring our customer service calls/emails over the next several days to ensure we’re no longer getting those types of submissions.
@Joel - Bit of a follow up here. I’ve been trying to test this fix on different computers and browsers and I’m getting mixed results. In about 50% of the cases, I’m finding that when the user SSO’s to Ethos that the Ethos system is showing them as not logged in. If I click the login button on the Ethos site, it logs me right in without needing to enter credentials, but when initially landing at Ethos, it does not have me logged in. On my phone, I found that I got that behavior on the normal safari browser but when I did private browsing I did not have that behavior. I tried on my home personal computer in both Chrome and Edge and in both cases I was not showing as logged in when I got to Ethos. Thoughts?