Search

Troubleshooting SSO and Network-Related Login Failures

Overview

When testing a login flow, particularly one involving Single Sign-On (SSO), you may encounter errors such as "Page Expired," "Not Secure," or a blank white page after entering credentials. These issues often indicate that the test environment is unable to connect to the necessary authentication resources, pointing towards a network, proxy, or tunnel configuration problem rather than an issue with the application under test.

How It Works

These login failures typically occur when the execution environment, such as a Functionize tunnel host, is blocked from accessing the SSO provider's URL (e.g., a Microsoft login page). The application attempts to redirect for authentication, but the connection is refused by your network's security policies.

To diagnose and resolve this, follow these steps:

  1. Enable Certificate Error Check: As a first step, navigate to your Project Settings and ensure the "Certificate Error Check" option is enabled. Retest to see if this resolves the issue.
  2. Isolate the Failure Point: Observe where the test fails. If it enters credentials, attempts to redirect, and then shows a blank page or an error, the issue is likely with the redirection to the SSO provider. Adding appropriate wait times can help confirm if the page is simply slow to load or if it is failing to connect entirely.
  3. Verify User Access: Test if different user credentials produce different results. If one user can log in successfully while another cannot, the problem may be tied to user-specific permissions or access controls configured within your identity provider.
  4. Confirm Network Block: The appearance of a blank page after a redirect attempt is a strong indicator that the server is refusing the connection from the test environment's IP address. This confirms a network-level block.
  5. Engage Your IT Team: The resolution requires involving your internal IT, DevOps, or Network Security team. They will need to grant the necessary access for the specific user account and/or allowlist the Functionize tunnel host's IP address to access the required authentication URLs.

Limitations

Functionize support can help diagnose that the issue is network-related, but cannot resolve it directly. The configuration of your internal network, firewalls, and SSO access policies is outside the scope of Functionize and must be managed by your own IT department.