SAML Auth flow getting wrong ADFS endpoint #556

Open
zhenyatsk opened this issue Mar 3, 2023 · 1 comment · May be fixed by #637
Labels
bug Something isn't working


zhenyatsk commented Mar 3, 2023

Describe the bug

According to the debug log and the code, during the step "SAML looking up IdP" the VCD site returns the VCD domain instead of a link to ADFS.

While comparing the flow in a browser, I found that a Cookie with 'sso-preferred=yes; sso_redirect_org=<tenant_name>' is mandatory. If I add the Cookie to the request, I get the correct response with a link to ADFS.

For example:
curl 'https://vcddomain/login/tenant/saml/login/alias/vcd?service=tenant:tenant' \
  -H 'Cookie: sso-preferred=yes; sso_redirect_org=tenant' -v
Returns a link to ADFS

Reproduction steps

  1. Compile the saml_auth_adfs sample
  2. Execute GOVCD_LOG=1 ./auth --username test@domain.com --password pass --org tenant_name --endpoint https://vcd_domain/api
  3. Got error authorizing SAML: SAML - could not get auth token from IdP (ADFS). Did you specify username in ADFS format ('user@contoso.com' or 'contoso.com\user')? : SAML - ADFS token request query failed for RPT ID ('<tenant_name>'): SAML request got error: { }

...

Expected behavior

Got info about NSX Edge in Tenant

Additional context

No response

@zhenyatsk zhenyatsk added the bug Something isn't working label Mar 3, 2023
zhenyatsk (Author) commented

Also, it looks like
023/03/03 19:00:57 GET https://domain/login/tenant/saml/login/alias/vcd**?**&service=tenant:tenant

there is an extra ? before the &service= param.
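
The two observations above, as an added Go example that is not part of the issue or of go-vcloud-director's own code: it builds the IdP lookup request with the reported cookies and a query string that cannot contain a stray `?`, then checks whether the lookup left the VCD host. The function names and the example.com hosts are hypothetical, and it assumes the ADFS link arrives as an HTTP redirect that the client follows.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// buildIdpLookupRequest builds the "SAML looking up IdP" GET for an org.
// vcdBase may carry a path such as /api; it is replaced by the login path.
func buildIdpLookupRequest(vcdBase, org string) (*http.Request, error) {
	u, err := url.Parse(vcdBase)
	if err != nil {
		return nil, err
	}
	u.Path = "/login/" + org + "/saml/login/alias/vcd"
	// Encode the query via url.Values so no stray "?" precedes "&service=".
	u.RawQuery = url.Values{"service": {"tenant:" + org}}.Encode()
	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
	if err != nil {
		return nil, err
	}
	// Cookies reported in the issue as mandatory for the ADFS response.
	req.AddCookie(&http.Cookie{Name: "sso-preferred", Value: "yes"})
	req.AddCookie(&http.Cookie{Name: "sso_redirect_org", Value: org})
	return req, nil
}

// idpHostFrom takes the response to req (from client.Do) and returns the host
// the client landed on after redirects. It fails if that is still the VCD
// host, which is the symptom described in the issue.
func idpHostFrom(req *http.Request, resp *http.Response) (string, error) {
	final := resp.Request.URL // URL of the last request in the redirect chain
	if final.Host == req.URL.Host {
		return "", fmt.Errorf("IdP lookup stayed on VCD host %q", final.Host)
	}
	return final.Host, nil
}

func main() {
	// Constructed placeholder endpoint and org, no network access needed.
	req, err := buildIdpLookupRequest("https://vcd.example.com/api", "tenant")
	if err != nil {
		panic(err)
	}
	fmt.Println(req.Method, req.URL, "| Cookie:", req.Header.Get("Cookie"))
}
```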

mnspodrska added a commit to mnspodrska/go-vcloud-director that referenced this issue Dec 4, 2023
…loses vmware#556.

Signed-off-by: Marko Uskokovic <17175348+mnspodrska@users.noreply.github.com>