Method not supported when SAML auth is configured #35

Closed
karolgurecki opened this issue Mar 26, 2023 · 14 comments
Labels
bug Something isn't working

Comments

@karolgurecki

karolgurecki commented Mar 26, 2023

Description

I am trying to configure Structurizr On-Premise with Azure AD SAML Authentication, but when Azure is redirecting to the application it returns 405.
I am using the latest Docker build (3038).

Steps to reproduce

Configure SAML Single Sign-on in Azure AD as described here: https://structurizr.com/share/18571/documentation#saml-20

Screenshot

Azure AD
image
Structurizr configuration
image
Redirect result
image

Code sample

No response

Configuration

No response

Severity

Minor

Priority

Medium

Resolution

I have no budget, please fix this for free

More information

No response

@karolgurecki karolgurecki added the bug Something isn't working label Mar 26, 2023
@karolgurecki karolgurecki changed the title from "Method not supported when SAMl auth is configurated" to "Method not supported when SAML auth is configured" Mar 26, 2023
@josdeweger

josdeweger commented Apr 3, 2023

We are running into the same issue. Our configuration looks pretty similar to the OP's, and we are also getting a 405 Method not allowed on the /saml/sso endpoint. In the logs we see the following error:

DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported

but for completeness' sake:

  • our Structurizr app is running in an Azure App Service
  • version 3040
  • we created an AAD Enterprise Application with return URL {my-app-name}/saml/sso (where {my-app-name} is a placeholder for our real app name, of course)
  • added the structurizr.properties and saml-idp-metadata.xml files and restarted the App Service

structurizr.properties:

structurizr.authentication=saml
structurizr.url=https://{my-app-name}.azurewebsites.net
structurizr.saml.entityId={client id of the AAD Enterprise Application}

@josdeweger

OK, so I figured out what the issue was in our case. I set the Azure Enterprise App application id as entityId; instead I should of course have used the Entity Id. Strange to get a 405 on this. I also noticed that the return URL is case sensitive, so redirecting doesn't work if the URLs don't match case.

@edgrip

edgrip commented Apr 11, 2023

Your case may have been already solved by issue #8.

You have to adjust the structurizr.saml.maxAuthenticationAge property to a higher value (90 days?) than the default value (2 hours): https://structurizr.com/share/18571/documentation#max-authentication-age

@HugKL

HugKL commented May 11, 2023

Same problem with Keycloak here. Already tried to change the max-authentication-age to 8h, 24h, and 90 days, and it didn't work.

@samm-git
Contributor

Same on my side, KC+structurizr

@simonbrowndotje
Contributor

Somebody on the Slack group (onpremises channel) has mentioned that the instructions for Keycloak are out of date, and posted an updated screenshot. You may want to jump on there and take a look.

image

Alternatively, you may want to try forcing authentication -> https://structurizr.com/share/18571/documentation#force-authentication (although this seems to be related to issues with Azure AD).

@samm-git
Contributor

Thank you for the screenshot, I fixed it now :)

The issue (for me) was that I disabled the "sign document" function. Just in case anyone needs it, sending my KC screenshots of the working configuration:
Screenshot 2023-06-15 at 18 39 54
Screenshot 2023-06-15 at 18 40 10
Screenshot 2023-06-15 at 18 40 30

@simonbrowndotje
Contributor

That's great, thanks. Would you consider sending a PR for the docs please?

https://github.com/structurizr/onpremises/blob/main/docs/docs/04-authentication.md#keycloak

@samm-git
Contributor

Done, #47

@albertdabrowski

I have a similar problem when integrating with Okta. I receive this in the server logs:
DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported].
This is on the return of an already authenticated user to /saml/SSO.

Did anyone resolve that problem? Why is Structurizr not accepting POST on that URL?

@samm-git
Contributor

samm-git commented Jul 5, 2023

In my case it was disabled signing on the request, please check your settings.

@albertdabrowski

Thanks @samm-git, that was also a problem on my side. Once I enabled SAML signed requests, it started to work. BTW, to do that I had to export the cert from the JKS existing in the repo for Structurizr on-prem and upload it to Okta, so that it was possible to enable it.
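
An added example, not part of the thread or of the Structurizr code base: it checks a captured, base64-decoded SAML Response for the causes reported in the comments above (signing switched off, application ID used as entity ID, return URL differing in case, authentication older than the maximum age). The sample response, `diagnose` and its parameters are constructed for illustration, and comparing the configured entity ID with the assertion's Audience is an assumption about how the two sides line up.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: a decoded SAML Response as an IdP might POST it back.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://structurizr.example.com/saml/sso">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://structurizr.example.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2023-04-01T08:00:00Z"/>
  </saml:Assertion>
</samlp:Response>"""

def diagnose(response_xml, entity_id, return_url, max_age_s, now):
    """Troubleshooting aid: checks signature presence only, not validity."""
    root = ET.fromstring(response_xml)
    findings = []
    # Signing switched off at the IdP (the Keycloak and Okta reports).
    if not (root.findall("ds:Signature", NS) or root.findall("saml:Assertion/ds:Signature", NS)):
        findings.append("unsigned: no ds:Signature on Response or Assertion")
    # Application ID configured where the IdP's Entity ID belongs.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        findings.append(f"audience: entityId {entity_id!r} not in {audiences}")
    # The return URL is compared case-sensitively.
    dest = root.get("Destination", "")
    if dest != return_url:
        kind = "case-only" if dest.lower() == return_url.lower() else "full"
        findings.append(f"destination: {kind} mismatch, {dest!r} vs {return_url!r}")
    # Authentication older than the maximum authentication age.
    stmt = root.find(".//saml:AuthnStatement", NS)
    if stmt is not None and stmt.get("AuthnInstant"):
        instant = datetime.fromisoformat(stmt.get("AuthnInstant").replace("Z", "+00:00"))
        age = (now - instant).total_seconds()
        if age > max_age_s:
            findings.append(f"stale: authenticated {age:.0f}s ago, limit {max_age_s}s")
    return findings

if __name__ == "__main__":  # constructed settings; 2 h is the default quoted in the thread
    now = datetime(2023, 4, 3, 8, 0, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, "00000000-0000-0000-0000-000000000000",
                   "https://structurizr.example.com/saml/SSO", 2 * 60 * 60, now))
```

An empty list means none of the four mismatches is present in the captured response; it does not mean the signature verifies.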

@glauberrs

Hi people, I faced the same problem with Azure AD and I resolved it by creating a group claim on the Enterprise Application:

image

@simonbrowndotje
Contributor

Closing since the OP hasn't responded, so I'm assuming this is resolved ... please open new issues/discussions as needed.

@structurizr structurizr locked as resolved and limited conversation to collaborators Jul 26, 2023