SSO 2.0 not show login users on USG1100

DanieleRiccio
DanieleRiccio Posts: 4
edited April 2021 in Security
Hi, I have a problem with usg1100(firmware 4.62(AAPK.0)) and SSO Agent 2.0 on server 2019, users are not showing up on usg1100.
I have a DC windows server 2019 and usg1100.
i receive this log on SSO Agent:




On the Diagnostic Tool is all ok:





and users are show on SSO AGENT:




But no SSO User show on USG1100:





Comments

  • kukuman
    kukuman Posts: 16  Freshman Member

    Can you check the port 2158 had been turned on your USG1100 and windows server? Because SSO operates on this port.

  • kukuman said:

    Can you check the port 2158 had been turned on your USG1100 and windows server? Because SSO operates on this port.

    Yes,i checked, the diagnostic tool returns everything ok .
    I opened a ticket (via my reseller) 3 months ago but zyxel never replied (taken over by system engineer from taiwan). it is unacceptable.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee

    What is your firmware version?
    Could you type the command to check the current login user status?
    show users all =>This command can show the current login users.
    show users count =>This command can show the number of login users.
    That can help us to clarify is it a Web-GUI display SSO users issue?


  • What is your firmware version?
    Could you type the command to check the current login user status?
    show users all =>This command can show the current login users.
    show users count =>This command can show the number of login users.
    That can help us to clarify is it a Web-GUI display SSO users issue?

    the firmware version is 4.62(AAPK.0).
    show users count = 18.
    with show users all I display the same users of the web-gui (all users with http login).
    Sso is not working and users are forced to login via http.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee

    Can you provide a remote link to us via private message?
    I will send you a private message.

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee
    Hi @DanieleRiccio,

    Can you help to do some verifications:      
    Login SSO accounts on USG1100, wait for a couple of minutes longer (up to 10 minutes) and see if the SSO account can be shown on USG1100.
    If so, it may a Long-time synchronization symptom and we can check toward on this direction


  • On SSO Agent 2.0.0 (windows Server 2019) I have 120 users who are logged in but on Usg1100 they are never seen and are never authenticated via SSO.
    Users are currently authenticating to the USG1100 via http because SSO is not working.











  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee
    edited June 2021

    Hi @DanieleRiccio,

    You can refer to the P.20~28 configuration related information(SSO agent, AD Group policy parts) of the document and see if works.

    If it still not work, can you provide SSO agent remote access let us do more investigation?


  • Zyxel_Jeff
    Zyxel_Jeff Posts: 289  Zyxel Employee

    Thanks for your feedback and provide complete SSO agent related information via private message to us.
    You may adjust LADP/AD server IP address from 127.0.0.1 to the SSO primary/secondary agent IP that you configure on your USG1100 and see if it works.

Security Highlight