Invalid SAML v2.0 Name ID format on attempt to redirect SP to FusionAuth Login URL #205
Comments
Thanks for opening this up @mikerees. It looks like the only It may be as simple as adding it, I'll report back when I know more.
This is looking like just a bug on our end, how are you running FusionAuth, docker, zip or linux package?
Linux package.
Want to try a patched jar? ... or I could spin you a deb or RPM to test as well.
Whichever's easier for you
Try this, replace the existing
I appear to still be getting the same error.
Strange, that exception shouldn't happen with the jar I sent, is it possible you have both the old and the new jar in the lib directory? Can you provide the output (or equivalent) to this command?
Just this.
I should clarify though that I did try renaming that file to -0.2.0.jar at one point due to some issues with FusionAuth picking it up, but that is it in its current state. The checksum of that file is 4f05d5e08ea898d22b48796306ca4fa4 if that helps you confirm it's the correct version.
I have tried reuploading and rebooting the service and I appear to have got past this issue. I'm now getting configuration issues that I should be able to resolve by myself. Thanks for the assistance!
Ah, ok, yes, I should have mentioned you would need to restart the web service. That checksum is correct. Thanks for testing that out for us, we will get that fixed in the upcoming release. If you have any other feedback on our SAML configuration or support that would make this easier for you, please pass it along! Thanks @mikerees
Available in 1.7.3
Invalid SAML v2.0 Name ID format on attempt to redirect SP to FusionAuth Login URL
Description
Attempts to redirect a user from a Service Provider to the relevant application's SAML v2 Login URL cause a 500 internal server error. Nothing gets logged to the event log, but fusionauth-app.log is saying that there is an invalid SAML v2.0 name ID format being passed. The metadata passed contains the Name ID policy urn:oasis:names:tc:SAML:2.0:nameid-format:transient, which is a valid Name ID policy. I have also encountered this same issue using the persistent 2.0 Name ID policy.
Steps to reproduce
Expected behavior
A login screen to be presented that allows a user to log in with their FusionAuth user account, and for FusionAuth to then redirect to the ACS URL with a SAML response payload.
Platform
Additional context
The stacktrace for the error in fusionauth-app.log is as follows:
The SAML SP Metadata file is attached.
metadata.txt
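The issue turns on whether an IdP accepts the NameID format an SP advertises in its metadata or requests in an AuthnRequest's NameIDPolicy. The following is an added example, not FusionAuth code and not the reporter's attached metadata: it parses constructed SP metadata and a constructed AuthnRequest, extracts the NameID formats, and checks them against the identifier formats defined in SAML 2.0 Core section 8.3, so a misconfigured or misspelled format is reported rather than rejected with an opaque 500. The sample XML and entity IDs are constructed for the example.

```python
"""Check SAML NameID formats from SP metadata and an AuthnRequest.

Added example, not part of FusionAuth. The XML below is constructed.
For untrusted XML in production, parse with defusedxml instead of
xml.etree to avoid entity-expansion attacks.
"""
from typing import Dict, List, Optional
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Name identifier formats defined in SAML 2.0 Core, section 8.3.
KNOWN_NAMEID_FORMATS = frozenset({
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:entity",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted",
})

# A NameIDPolicy without a Format attribute means "unspecified".
DEFAULT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

# Constructed SP metadata: advertises transient and persistent identifiers.
SAMPLE_SP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="{SAMLP_NS}">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed AuthnRequest asking for a transient identifier.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}"
    ID="_constructed-request-id" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"
    AssertionConsumerServiceURL="https://sp.example.test/saml/acs">
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
      AllowCreate="true"/>
</samlp:AuthnRequest>"""

# Constructed AuthnRequest with no NameIDPolicy element at all.
SAMPLE_AUTHN_REQUEST_NO_POLICY = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}"
    ID="_constructed-request-id-2" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"/>"""


def is_known_nameid_format(fmt: Optional[str]) -> bool:
    """True if fmt is one of the SAML-defined formats (None means unspecified)."""
    return fmt is None or fmt in KNOWN_NAMEID_FORMATS


def nameid_formats_from_metadata(xml_text: str) -> List[str]:
    """Return every md:NameIDFormat value in an SP's metadata, in document order."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter(f"{{{MD_NS}}}NameIDFormat") if el.text]


def requested_nameid_format(authn_request_xml: str) -> str:
    """Return the Format requested by samlp:NameIDPolicy, or the spec default."""
    root = ET.fromstring(authn_request_xml)
    policy = root.find(f"{{{SAMLP_NS}}}NameIDPolicy")
    if policy is None:
        return DEFAULT_NAMEID_FORMAT
    return policy.get("Format", DEFAULT_NAMEID_FORMAT)


def check_formats(formats: List[str]) -> Dict[str, bool]:
    """Map each format to whether it is spec-defined; unknown ones are the
    candidates to report back to the SP operator with a clear message."""
    return {fmt: is_known_nameid_format(fmt) for fmt in formats}


if __name__ == "__main__":
    print("SP metadata:", check_formats(nameid_formats_from_metadata(SAMPLE_SP_METADATA)))
    fmt = requested_nameid_format(SAMPLE_AUTHN_REQUEST)
    print("AuthnRequest asks for", fmt, "known:", is_known_nameid_format(fmt))
```

An IdP that enforces this table should reject only formats outside it, and should log which value it rejected; a 500 with the format omitted from the log, as described in this issue, leaves the SP operator unable to tell a typo from a server bug.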