HI
could you validate kickoff url ( mostly the Reverse Proxy utility of Federation configuration adds correct ACLs) , most common reason is correct formation of kickoff url
https://<Reverse Proxy FQDN>/<junctionname>/sps/oidc/rp/<federationname>/kickoff/<partnername>?Target=xx
------------------------------
Tushar
Tushar
------------------------------
Original Message:
Sent: Wed August 13, 2025 01:00 PM
From: Rudy Santos
Subject: OIDC RP Federation kickoff
Hello,
I created a federation configuration where IVIA is acting as a relying party. For some reason, when I call the /kickoff endpoint to have the browser redirected to the OIDC provider, IVIA is requesting user authentication before proceeding with the redirect. I have double-checked the ACLs, analysed the pdweb.debug and reviewed the configuration, but I couldn't find the reason why the /kickoff endpoint is protected.
Is there a way to enable ACL debugging or logging to identify the source of the issue?
------------------------------
Rudy Santos
------------------------------