Open Infernogeek1 opened 3 months ago
@Infernogeek1: did you try the owasp slack channel?
I tried the #defectdojo channel in OWASP Slack on August 1st.
@Infernogeek1 I'm not great or really even good with SAML but the people I do know who are good with SAML use this to debug issues like a bad redirect. Maybe giving it a try would help: https://chromewebstore.google.com/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch or https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/
According to SAML tracer, the attempt does not even get anywhere near actually issuing the SAML request.
GET https://defect.something.com/saml2/login HTTP/1.1
Host: defect.something.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Referer: https://defect.something.com/login?next=/saml2/login
Connection: keep-alive
Cookie: csrftoken=on3kreBy42vd28u5vpEy8UnY6bogUcit; dojo-sidebar=max
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Fri, 09 Aug 2024 23:08:20 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Location: /login?next=/saml2/login
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Vary: Cookie
Here is the snippet from UWSGI logs.
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1096 bytes} [Fri Aug 23 11:25:37 2024] GET /saml2/login => generated 0 bytes in 37 msecs (HTTP/1.0 302) 8 headers in 258 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1119 bytes} [Fri Aug 23 11:25:37 2024] GET /login?next=/saml2/login => generated 15709 bytes in 43 msecs (HTTP/1.0 200) 10 headers in 481 bytes (1 switches on core 0)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1098 bytes} [Fri Aug 23 11:33:50 2024] GET /saml2/login => generated 0 bytes in 42 msecs (HTTP/1.0 302) 8 headers in 258 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1121 bytes} [Fri Aug 23 11:33:50 2024] GET /login?next=/saml2/login => generated 15709 bytes in 49 msecs (HTTP/1.0 200) 10 headers in 481 bytes (1 switches on core 0)
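The two traces above show the same pattern twice: a GET to the SAML entry point answers 302 with `Location: /login?next=/saml2/login`, and the browser then lands on the application's own login form instead of being sent to the IdP. The following is an added example (not DefectDojo's code and not posted by anyone in this thread) that parses uWSGI request-log lines in the format shown and flags exactly that bounce, so the loop can be confirmed from server logs without a browser plugin. The log lines embedded in it are copied from the comment above; the `LINE_RE` pattern, the `Request` dataclass and the `find_login_loops` / `is_login_bounce` helper names are this example's own assumptions.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Sample input: the four uWSGI request-log lines quoted in the thread (constructed
# here verbatim so the script runs offline).
UWSGI_LOG = """\
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1096 bytes} [Fri Aug 23 11:25:37 2024] GET /saml2/login => generated 0 bytes in 37 msecs (HTTP/1.0 302) 8 headers in 258 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1119 bytes} [Fri Aug 23 11:25:37 2024] GET /login?next=/saml2/login => generated 15709 bytes in 43 msecs (HTTP/1.0 200) 10 headers in 481 bytes (1 switches on core 0)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1098 bytes} [Fri Aug 23 11:33:50 2024] GET /saml2/login => generated 0 bytes in 42 msecs (HTTP/1.0 302) 8 headers in 258 bytes (1 switches on core 1)
[pid: 31|app: -|req: -/-] 192.168.1.11 (-) {62 vars in 1121 bytes} [Fri Aug 23 11:33:50 2024] GET /login?next=/saml2/login => generated 15709 bytes in 49 msecs (HTTP/1.0 200) 10 headers in 481 bytes (1 switches on core 0)
"""

# Assumed layout of one uWSGI request-log line (matches the lines above):
# "[pid ...] <client> (<user>) {<n> vars in <m> bytes} [<timestamp>] <METHOD> <target>
#  => generated <b> bytes in <t> msecs (HTTP/<ver> <status>) ..."
LINE_RE = re.compile(
    r"\]\s+(?P<client>\S+)\s+\(.*?\)\s+\{.*?\}\s+\[(?P<ts>[^\]]+)\]\s+"
    r"(?P<method>[A-Z]+)\s+(?P<target>\S+)\s+=>\s+generated\s+\d+\s+bytes\s+in\s+\d+\s+msecs\s+"
    r"\(HTTP/[\d.]+\s+(?P<status>\d{3})\)"
)


@dataclass
class Request:
    client: str
    ts: str
    method: str
    target: str   # path plus query string, as logged
    status: int


def parse_uwsgi_log(text):
    """Parse request-log lines; lines that do not match (e.g. startup banner) are skipped."""
    requests = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            requests.append(Request(m["client"], m["ts"], m["method"],
                                    m["target"], int(m["status"])))
    return requests


def find_login_loops(requests, login_path="/login", param="next"):
    """Return (bounced_path, timestamp) for every request that got a 302 and whose
    same client immediately fetched the local login page with ?next= pointing back
    at the path just requested. That is the signature of an SSO entry point being
    treated as a login-protected view instead of redirecting to the IdP."""
    loops = []
    last_by_client = {}
    for r in requests:
        prev = last_by_client.get(r.client)
        url = urlparse(r.target)
        if prev is not None and prev.status == 302 and url.path == login_path:
            nxt = parse_qs(url.query).get(param, [None])[0]
            if nxt == urlparse(prev.target).path:
                loops.append((prev.target, r.ts))
        last_by_client[r.client] = r
    return loops


def is_login_bounce(request_path, status, location, login_path="/login", param="next"):
    """Same check applied to a single request/response pair captured in the browser:
    True when a 3xx Location header sends the client to the local login page with
    ?next= set to the path that was requested (a SAML redirect should instead point
    at the IdP, usually a different host)."""
    if not 300 <= status < 400:
        return False
    loc = urlparse(location)
    if loc.netloc or loc.path != login_path:
        return False
    return parse_qs(loc.query).get(param, [None])[0] == request_path


if __name__ == "__main__":
    for path, ts in find_login_loops(parse_uwsgi_log(UWSGI_LOG)):
        print(f"{ts}: {path} bounced to local login page (SSO entry point not reached)")
    print(is_login_bounce("/saml2/login", 302, "/login?next=/saml2/login"))
```

Run against the lines above it reports both bounces (11:25:37 and 11:33:50); a healthy SAML flow would show no match, because the 302 from `/saml2/login` would carry a `Location` on the IdP's host rather than `/login?next=...`.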
Have you solved it?
Problem description: Hello. I am getting redirected to a wrong place when trying to do SAML auth.
Steps to reproduce: Steps to reproduce the behavior:
Expected behavior: Get logged in
Deployment method (select with an X):
Environment information:
Logs and configs: NGINX logs:
local_settings.py