New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot login with SAML when IdP is OneLogin or OpenAM since 1.38.3 #15567
Labels
Administration/Auth/SSO
Enterprise SSO like SAML and JWT
Priority:P1
Security holes w/o exploit, crashing, setup/upgrade, login, broken common features, correctness
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
Type:Bug
Product defects
Milestone
Comments
flamber
added
Type:Bug
Product defects
Priority:P1
Security holes w/o exploit, crashing, setup/upgrade, login, broken common features, correctness
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
Administration/Auth/SSO
Enterprise SSO like SAML and JWT
labels
Apr 12, 2021
|
The new The encoded SAML from OpenAM contains line breaks every 76 characters which doesn't match |
pawit-metabase
added a commit
that referenced
this issue
Sep 7, 2021
OpenAM SAMLResponse contains "\r\n" every 76 characters leading our SAML code to think it's not base64-encoded. Fix by relaxing our valid base64 check to ignore all spaces. Fixes #15567
pawit-metabase
added a commit
that referenced
this issue
Sep 8, 2021
OpenAM SAMLResponse contains "\r\n" every 76 characters leading our SAML code to think it's not base64-encoded. Fix by relaxing our valid base64 check to ignore all spaces. Fixes #15567
github-actions bot
pushed a commit
that referenced
this issue
Sep 8, 2021
OpenAM SAMLResponse contains "\r\n" every 76 characters leading our SAML code to think it's not base64-encoded. Fix by relaxing our valid base64 check to ignore all spaces. Fixes #15567
pawit-metabase
added a commit
that referenced
this issue
Sep 8, 2021
Minimal XML file to setup Metabase inside OpenAM for testing
|
flamber
changed the title
Cannot login with OpenAM SAML since 1.38.3
Cannot login with SAML when IdP is OneLogin or OpenAM since 1.38.3
Jun 21, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Administration/Auth/SSO
Enterprise SSO like SAML and JWT
Priority:P1
Security holes w/o exploit, crashing, setup/upgrade, login, broken common features, correctness
.Regression
Bugs that were previously fixed and/or bugs unintentionally shipped with new features.
Type:Bug
Product defects
Describe the bug
After upgrading from 1.38.2 to 1.38.3, it's no longer possible to login via OpenAM SAML. Errors with
SAML info does not contain user attributes
. There's no difference in the responses (besides timings and signature of course). Likely caused by #15410.To Reproduce
POST /auth/sso
error with:SAML Response 1.38.2.txt
SAML Response 1.38.3.txt
Information about your Metabase Installation:
Tested 1.38.2 (working) and 1.38.3 (failing)
Additional context
I'm not a fan of OpenAM. Took a long time to understand how it works and how to setup with Metabase, not even sure if I did it correctly, but I can reproduce the issue.
The text was updated successfully, but these errors were encountered: