Try to use saml authentication with AD FS #1870

Closed
amelie-excent opened this issue Feb 4, 2020 · 7 comments
Comments

@amelie-excent

Hello,

I am trying to configure SAML with AD FS.

I followed the instructions here to configure the env file with SAML, but I always get this error:

Invalid issuer in the Assertion/Response (expected 'https://adfs-server/adfs/services/trust/artifactresolution', got 'http://adfs-server/adfs/services/trust')

Here is part of my .env config:

AUTH_METHOD=saml2
SAML2_NAME=SSO
SAML2_EMAIL_ATTRIBUTE=email
SAML2_EXTERNAL_ID_ATTRIBUTE=uid
SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
SAML2_IDP_ENTITYID=https://adfs-server/adfs/services/trust/artifactresolution
SAML2_AUTOLOAD_METADATA=false
SAML2_IDP_SSO=https://adfs-server/adfs/ls/IdpInitiatedSignOn.aspx
SAML2_IDP_x509=<cert x509>

I don't understand how I got this URL: http://adfs-server/adfs/services/trust

Thanks

@finnwessel

Did you try to use SAML2_AUTOLOAD_METADATA=true? I had a similar issue with Keycloak as IdP, and enabling the autoload function solved this problem.

@amelie-excent
Author

Yes, I tried, and I get this error:
Error on parseRemoteXML. The requested URL returned error: 400 Bad Request

@finnwessel

Does this URL https://adfs-server/adfs/services/trust/artifactresolution provide the endpoint configuration in XML format?

@amelie-excent
Author

No, it didn't. I replaced it with the /FederationMetadata/2007-06/FederationMetadata.xml URL, set SAML2_AUTOLOAD_METADATA=true, and it's OK now :)
Thanks for your help
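What SAML2_AUTOLOAD_METADATA=true does for you is read the IdP's metadata document and take the entityID, the SSO endpoint and the signing certificate from there instead of from the .env values. The script below is an added example, not part of this thread or of BookStack's own code: it parses a constructed metadata document shaped like an AD FS FederationMetadata.xml, extracts those three values, and compares them with a dictionary holding the SAML2_* settings from the opening post. Run against that configuration it reports the same issuer mismatch the error message showed, because the Issuer an AD FS server puts in its responses is its entityID (the plain /adfs/services/trust URL), not the artifact-resolution or metadata URL. The metadata XML, the hostname adfs-server and the certificate body are constructed sample data; fetch_metadata is only needed when you point it at a real server.

```python
"""Check BookStack-style SAML2_* settings against the IdP's published metadata."""
import urllib.request
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample shaped like the FederationMetadata.xml an AD FS server
# publishes under /FederationMetadata/2007-06/.  The entityID is the plain
# http://<host>/adfs/services/trust URL, i.e. the value the issuer check in
# the thread reported as "got".  The certificate body is made up.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="http://adfs-server/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>
          MIIC0NSTRUCTEDSAMPLECERT==
        </X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://adfs-server/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://adfs-server/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# The settings from the opening post, with the made-up certificate substituted.
THREAD_ENV = {
    "SAML2_IDP_ENTITYID": "https://adfs-server/adfs/services/trust/artifactresolution",
    "SAML2_IDP_SSO": "https://adfs-server/adfs/ls/IdpInitiatedSignOn.aspx",
    "SAML2_IDP_x509": "-----BEGIN CERTIFICATE-----\nMIIC0NSTRUCTEDSAMPLECERT==\n-----END CERTIFICATE-----",
}


def fetch_metadata(url: str, timeout: float = 10.0) -> str:
    """Download metadata over HTTPS; urllib verifies the server certificate by default."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pem_body(pem: str) -> str:
    """Reduce a PEM certificate (or a bare base64 blob) to its base64 payload."""
    lines = [l.strip() for l in pem.strip().splitlines() if not l.strip().startswith("-----")]
    return "".join(lines)


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoints per binding and signing certs from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor (got %s)" % root.tag)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' may sign
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(pem_body(c.text or ""))
    return {"entityID": root.get("entityID"), "sso": sso, "signing_certs": certs}


def check_env(env: dict, meta: dict) -> list:
    """Return human-readable mismatches between SAML2_* settings and the metadata."""
    problems = []
    if env.get("SAML2_IDP_ENTITYID") != meta["entityID"]:
        problems.append(
            "SAML2_IDP_ENTITYID=%r but the IdP's entityID is %r; the Issuer in every "
            "Response/Assertion must equal the latter"
            % (env.get("SAML2_IDP_ENTITYID"), meta["entityID"]))
    redirect_sso = meta["sso"].get(HTTP_REDIRECT)
    if redirect_sso and env.get("SAML2_IDP_SSO") != redirect_sso:
        problems.append("SAML2_IDP_SSO=%r but the HTTP-Redirect SSO endpoint is %r"
                        % (env.get("SAML2_IDP_SSO"), redirect_sso))
    if pem_body(env.get("SAML2_IDP_x509", "")) not in meta["signing_certs"]:
        problems.append("SAML2_IDP_x509 does not match any signing certificate in the metadata")
    return problems


if __name__ == "__main__":
    for p in check_env(THREAD_ENV, parse_idp_metadata(SAMPLE_METADATA)):
        print("-", p)
```

Against a real server, replace SAMPLE_METADATA with fetch_metadata("https://<your-adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml"). The certificate comparison is the part worth keeping even after autoload works: AD FS rotates its token-signing certificate, and a stale SAML2_IDP_x509 fails signature validation in the same opaque way a wrong issuer does.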

@ssddanbrown
Member

Thank you @finnwessel for helping out on this one!

@Kol8bok

Kol8bok commented Sep 19, 2022

Hello,

I am trying to configure SAML with AD FS.
Tell me how to solve the problem.
I set everything up, but the error keeps popping up.
My .env config:

AUTH_METHOD=saml2
AUTH_AUTO_INITIATE=false
SAML2_NAME=BOOKSTACK
SAML2_EMAIL_ATTRIBUTE=email
SAML2_EXTERNAL_ID_ATTRIBUTE=id
SAML2_DISPLAY_NAME_ATTRIBUTES=firstName|lastName
SAML2_IDP_ENTITYID=https://data-centre.siecom.pro/FederationMetadata/2007-06/Fe$
SAML2_AUTOLOAD_METADATA=true
SAML2_IDP_SSO=https://data-centre.siecom.pro/adfs/ls/
#SAML2_IDP_SLO=https://data-centre.siecom.pro/adfs/ls/

SAML2_IDP_x509="-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgITFgAAAA/znQbmfG8ocwABAAAADzANBgkqhkiG9w0BAQsF
ADA8MRMwEQYKCZImiZPyLGQBGRYDcHJvMRgwFgYKCZImiZPyLGQBGRYIdXNlcmdh
dGUxCzAJBgNVBAMTAkNBMB4XDTIyMDkxNjA2Mzg1N1oXDTIzMDkxNjA2Mzg1N1ow
ADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKrSC+w1KKqIjKRqqB+O
..........................................................."
SAML2_IDP_AUTHNCONTEXT=true

On the AD FS:
The metadata file https://wiki.siecom.pro/saml2/metadata was installed in AD FS fine; there were no problems with this.

Set up the attributes as follows:
LDAP | Party trust wizard
E-Mail-Addresses | email
Given-Name | lastName
User-Principal-Name | id
Surname | firstName

Gives this error in debug:
Invalid ACS Response: invalid_response

Debug:

#0 /var/www/bookstack/app/Http/Controllers/Auth/Saml2Controller.php(119): BookStack\Auth\Access\Saml2Service->processAcsResponse()
#1 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\Http\Controllers\Auth\Saml2Controller->processAcs()
#2 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\Routing\Controller->callAction()
#3 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(262): Illuminate\Routing\ControllerDispatcher->dispatch()
#4 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(205): Illuminate\Routing\Route->runController()
#5 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(721): Illuminate\Routing\Route->run()
#6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Routing\Router->Illuminate\Routing{closure}()
#7 /var/www/bookstack/app/Http/Middleware/CheckGuard.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#8 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckGuard->handle()
#9 /var/www/bookstack/app/Http/Middleware/Localization.php(45): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\Localization->handle()
#11 /var/www/bookstack/app/Http/Middleware/RunThemeActions.php(26): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\RunThemeActions->handle()
#13 /var/www/bookstack/app/Http/Middleware/CheckEmailConfirmed.php(47): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\CheckEmailConfirmed->handle()
#15 /var/www/bookstack/app/Http/Middleware/PreventAuthenticatedResponseCaching.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#16 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\PreventAuthenticatedResponseCaching->handle()
#17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(78): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#18 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle()
#19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#20 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\View\Middleware\ShareErrorsFromSession->handle()
#21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(121): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#22 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\Session\Middleware\StartSession->handleStatefulRequest()
#23 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Session\Middleware\StartSession->handle()
#24 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#25 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle()
#26 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Cookie\Middleware\EncryptCookies->handle()
#28 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\ApplyCspRules->handle()
#30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(723): Illuminate\Pipeline\Pipeline->then()
#32 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(698): Illuminate\Routing\Router->runRouteWithinStack()
#33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(662): Illuminate\Routing\Router->runRoute()
#34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(651): Illuminate\Routing\Router->dispatchToRoute()
#35 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(167): Illuminate\Routing\Router->dispatch()
#36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(128): Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http{closure}()
#37 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(39): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#38 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\Http\Middleware\TrustProxies->handle()
#39 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): BookStack\Http\Middleware\TrustProxies->handle()
#40 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#41 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(40): Illuminate\Foundation\Http\Middleware\TransformsRequest->handle()
#42 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\TrimStrings->handle()
#43 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#44 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\ValidatePostSize->handle()
#45 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(86): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#46 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(167): Illuminate\Foundation\Http\Middleware\PreventRequestsDuringMaintenance->handle()
#47 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): Illuminate\Pipeline\Pipeline->Illuminate\Pipeline{closure}()
#48 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(142): Illuminate\Pipeline\Pipeline->then()
#49 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(111): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter()
#50 /var/www/bookstack/public/index.php(53): Illuminate\Foundation\Http\Kernel->handle()
#51 {main}

Can you tell me what I'm doing wrong?
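The thread does not say what caused the invalid_response above, and the example below does not claim to. It covers the other half of the configuration in that post, the attribute mapping: the SAML2_EMAIL_ATTRIBUTE, SAML2_EXTERNAL_ID_ATTRIBUTE and SAML2_DISPLAY_NAME_ATTRIBUTES values only work if the assertion the IdP sends actually carries Attribute elements with exactly those names. This is an added example, not code from the thread or from BookStack: it parses a constructed assertion whose AttributeStatement follows the mapping table in the post (outgoing names email, id, lastName, firstName), resolves the three settings against it, and lists any configured name the assertion lacks together with attributes that arrived but are unused. The hostname adfs.example, the user values and the group attribute are made up; joining the display-name parts with a space is this example's own choice.

```python
"""Check that a SAML assertion's attributes cover BookStack's SAML2_*_ATTRIBUTE settings."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: Issuer and AttributeStatement of an assertion from an AD FS
# relying-party trust whose outgoing claim types are the short names in the post
# above.  It copies that post's mapping table literally (Given-Name -> lastName,
# Surname -> firstName); host, user and group values are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-1" Version="2.0" IssueInstant="2022-09-19T10:00:00Z">
  <saml:Issuer>http://adfs.example/adfs/services/trust</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="id"><saml:AttributeValue>jane.doe@example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>wiki-users</saml:AttributeValue>
      <saml:AttributeValue>staff</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# The attribute settings from the post above.
POST_ENV = {
    "SAML2_EMAIL_ATTRIBUTE": "email",
    "SAML2_EXTERNAL_ID_ATTRIBUTE": "id",
    "SAML2_DISPLAY_NAME_ATTRIBUTES": "firstName|lastName",
}


def attributes_from_assertion(xml_text: str) -> dict:
    """Map each Attribute Name to the list of its AttributeValue strings."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
        attrs.setdefault(a.get("Name"), []).extend(values)
    return attrs


def resolve_user(env: dict, attrs: dict) -> dict:
    """Resolve email, external id and display name the way the .env asks for them.

    Missing attribute names are collected under 'missing' instead of raising, so one
    run reports every gap.  Joining display-name parts with a space is this example's
    choice, not a statement about BookStack's own implementation.
    """
    missing = []

    def first(name):
        vals = attrs.get(name)
        if not vals:
            missing.append(name)
            return None
        return vals[0]

    display_parts = env["SAML2_DISPLAY_NAME_ATTRIBUTES"].split("|")
    email = first(env["SAML2_EMAIL_ATTRIBUTE"])
    external_id = first(env["SAML2_EXTERNAL_ID_ATTRIBUTE"])
    parts = [first(n) for n in display_parts]
    display = " ".join(p for p in parts if p) or None
    wanted = {env["SAML2_EMAIL_ATTRIBUTE"], env["SAML2_EXTERNAL_ID_ATTRIBUTE"], *display_parts}
    return {
        "email": email,
        "external_id": external_id,
        "display_name": display,
        "missing": missing,
        "unused": sorted(set(attrs) - wanted),
    }


if __name__ == "__main__":
    result = resolve_user(POST_ENV, attributes_from_assertion(SAMPLE_ASSERTION))
    for key, value in result.items():
        print("%-13s %r" % (key, value))
```

With the sample the display name resolves to "Doe Jane", because the sample copies the table's Given-Name to lastName and Surname to firstName rows; running the same check over a real decoded SAMLResponse makes that kind of mapping visible before a user is created with it. Missing names (for example an IdP that emits the full claim-type URI rather than a short name) show up in "missing", and attributes BookStack was never told about show up in "unused".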
