Skip to content

Troubleshooting Federated Authentication

Federated Authentication Process Overview

The diagram below describes the components and steps that occur when a user authenticates to a Connector using Federated User Authentication up to the point where the user has selected the desktop they want to connect to. The diagram is numbered, and the flow can be followed by the numbers to determine which components are in use at any given step in the process, and instructions are provided for how to obtain logs from those components if a failure occurs. .

Alt Text

Authentication Process

Step Visual Description Potential Types of Failures Components Involved
1 Alt Text The user opens up the PCoIP Client from their computer. Client failures, such as crashing. PCoIP Client
2 Alt Text From the list of configured connections, the user selects the connector configured for Federated User Authentication. - Networking errors between the client and connector.
- Connector is misconfigured or failing		 - PCoIP Client
- Connection Manager
3 Alt Text The connector instructs the PCoIP Client to perform Federated User Authentication and the user's web browser is opened to the organization's Identity Provider. - No browser is opened: Connector misconfigured for federated authentication. Check Connector Configuration
- Connector was configured with an incorrect client ID. (See step 5 in Admin Console configuration section.)
Alt Text
- Networking errors between the user's computer and the Identity Provider.		 - PCoIP Client
Connection Manager, Federated Authentication Service
- Identity Provider.
4 Alt Text
Alt Text		 The user provides their credentials or any other authentication means to the Identity Provider. Incorrect credentials.
Alt Text		 Identity Provider.
5 NA The user returns to their PCoIP Client and the client provides the user's proof of authentication to the connector. The connector validates that authentication against the Identity Provider. - - Incorrectly configured redirect URL in the Identity Provider see, step 5 in Configuring Okta IDP and step 4 in Configuring Azure Active Directory.
- Untrusted certificate between the connector and Identity Provider.		 - PCoIP Client
- Connector (Connection Manager, Broker, Federated Authentication Service)
- Identity Provider
6 Alt Text Connector obtains the user's list of desktops (or pools) and returns them to the client to be displayed to the user. - Network failures between the connector and Anyware Manager.
- Revoked or invalid credentials within the connector to Anyware Manager.
- User is not configured in Anyware Manager or has no desktops or pools entitled to them
Alt Text		 - PCoIP Client
- Connection Manager
- Third-Party Broker
7 Alt Text The user selects a desktop (or pool). Desktop fails to start
Alt Text		 - PCoIP Client
- PCoIP Agent
- Connector (Connection Manager, Broker)
8 Alt Text The user is prompted at the PCoIP Client to enter their username and password. - User provides incorrect credentials.
- PCoIP Agent is unable to authenticate the user using the credentials.		 - PCoIP Client
- Connector (Connection Manager, Broker)
- PCoIP Agent
Single Sign-On
Step Visual Description Potential Types of Failures Components Involved
1 Alt Text The user is prompted to enter their username and password. - SSO is not supported by the Agent.
- SSO is disabled (see --enable--sso flag, check current configuration)		 - Connector (Connection Manager, Broker)
- PCoIP Agent
2 Alt Text The user connects to a session and is presented with the login screen. - Certificate issue. Connector may have been configured with incorrect certificate files. Agent was not able to login with the certificate (Check --sso-signing-* or --sso-enrollment-* installation flags, check current configuration). - PCoIP Agent
- Connector (Connection Manager, Broker)

Obtaining Logs

The table above describes the components that may contain logs to describe errors if a failure occurs. This section provides information or references to how to obtain logs for each HP provided component: