Federated Authentication Troubleshooting
Federated Authentication Process Overview
The diagram describes the steps to authenticate to an Anyware Manager Connector and select a desired remote workstation desktop using Federated User Authentication. The diagram is numbered, and the flow can be followed by the numbers to determine which components are in use at any given step in the process. Instructions are provided for how to obtain logs from those components in the event of a failure.
Authentication Process
Step | Visual | Description | Potential Types of Failures | Components Involved |
---|---|---|---|---|
1 | | The user opens up the PCoIP Client from their computer. | Client failures, such as crashing. | PCoIP Client |
2 | | From the list of configured connections, the user selects the connector configured for Federated User Authentication. | Networking errors between the client and connector. Connector is misconfigured or failing. | PCoIP Client; Connector (Connection Manager) |
3 | | The connector instructs the PCoIP Client to perform Federated User Authentication and the user's web browser is opened to the organization's Identity Provider. | Connector provides an incorrect client ID. Networking errors between the user's computer and the Identity Provider. | PCoIP Client; Connector (Connection Manager, Federated Authentication Service); Identity Provider |
4 | | The user provides their credentials or any other authentication means to the Identity Provider. | Incorrect credentials. | Identity Provider |
5 | NA | The user returns to their PCoIP Client and the client provides the user's proof of authentication to the connector. The connector validates that authentication against the Identity Provider. | Incorrectly configured return URL in the Identity Provider. Untrusted certificate between the connector and Identity Provider. | PCoIP Client; Connector (Connection Manager, Broker, Federated Authentication Service); Identity Provider |
6 | | Connector obtains the user's list of desktops (or pools) and returns them to the client to be displayed to the user. | Network failures between the connector and Anyware Manager. Revoked or invalid credentials within the connector to Anyware Manager. User is not configured in Anyware Manager or has no desktops or pools entitled to them. | PCoIP Client; Connector (Connection Manager, Broker); Anyware Manager |
7 | | The user selects a desktop (or pool). | Desktop fails to start. | PCoIP Client; Connector (Connection Manager, Broker) |
8 | | The user is prompted at the PCoIP Client to enter their username and password. | User provides incorrect credentials. PCoIP Agent is unable to authenticate the user using the credentials. | PCoIP Client; Connector (Connection Manager, Broker); PCoIP Agent |
Obtaining Logs
The table above lists the components whose logs may describe the error if a failure occurs. This section provides information on, or references to, how to obtain logs for each HP-provided component:
- PCoIP Client
- Connector
  - Anyware Connector Log Collection - Anyware Manager as a Service
  - Connection Manager:
    - client inside the corporate network: `sudo docker service logs connector_cm`
    - client outside the corporate network: `sudo docker service logs connector_cmsg`
  - Federated Authentication Broker:
    - client inside the corporate network: `sudo docker service logs connector_brokerinternal`
    - client outside the corporate network: `sudo docker service logs connector_brokerexternal`
  - Federated Authentication Service: `sudo docker service logs connector_fa`
- PCoIP Agent
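
As an added example (not HP's tooling and not code from this page), the script below pulls Connector logs for only the components the table lists against a failing step. The function names, the default one-hour window, and the mapping of the table's "Broker" to the `connector_broker*` services are assumptions.

```bash
#!/usr/bin/env bash
# Added example: collect Connector service logs for one failing step.
# Service names are taken from this page. Mapping the table's "Broker" to the
# connector_broker* services is an assumption.

# services_for_step STEP LOCATION: print one docker service name per line.
# LOCATION is "inside" or "outside" (client relative to the corporate network).
services_for_step() {
    local step="$1" location="$2" cm broker
    case "$location" in
        inside)  cm=connector_cm;   broker=connector_brokerinternal ;;
        outside) cm=connector_cmsg; broker=connector_brokerexternal ;;
        *) echo "location must be inside or outside" >&2; return 2 ;;
    esac
    case "$step" in
        1|4)   ;;  # PCoIP Client or Identity Provider only: nothing to pull here
        2)     echo "$cm" ;;
        3)     echo "$cm"; echo connector_fa ;;
        5)     echo "$cm"; echo "$broker"; echo connector_fa ;;
        6|7|8) echo "$cm"; echo "$broker" ;;
        *) echo "step must be 1-8" >&2; return 2 ;;
    esac
}

# collect_step_logs STEP LOCATION OUTDIR [SINCE]
# Writes OUTDIR/<service>.log for each service and prints the services collected.
collect_step_logs() {
    local step="$1" location="$2" outdir="$3" since="${4:-1h}" services svc
    services=$(services_for_step "$step" "$location") || return
    if [ -z "$services" ]; then
        echo "step $step involves no Connector service" >&2
        return 0
    fi
    mkdir -p "$outdir" || return
    for svc in $services; do
        # Keep stderr in the file so a missing service is visible in the bundle.
        sudo docker service logs --timestamps --since "$since" "$svc" \
            > "$outdir/$svc.log" 2>&1 || echo "warning: could not read $svc" >&2
    done
    printf '%s\n' "$services"
}
```

On the Connector host, `collect_step_logs 5 outside ./fa-logs 30m` gathers the last 30 minutes of logs for a step 5 failure seen by a client outside the corporate network.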