Closed kbhuvanamohan closed 4 years ago
@DonMartin76 Hi Martin, we are unable to get Single Log Out to work. Can you please provide any insights into this? Though the actual portal gets logged out, we are getting the error page with a "SAML Error Response" message.
Can you please help with this?
This is something your SAML team can probably help you best with. The metadata of the SAML Identity Provider will have something like this:
```xml
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.company.com:443/auth/IDPSloRedirect/metaAlias/idp1" ResponseLocation="https://login.company.com:443/auth/IDPSloRedirect/metaAlias/idp1"/>
```
The URL up there then goes into the SAML configuration in the `default.json` file for the auth servers:

```json
...
"idpOptions": {
    "sso_login_url": "https://login.company.com:443/auth/SSORedirect/metaAlias/idp1",
    "sso_logout_url": "https://login.company.com:443/auth/IDPSloRedirect/metaAlias/idp1",
    "certificates": [
        "$PORTAL_AUTH_SAML_WHATEVER_IDP_CERT"
    ],
    "sign_get_request": false,
    "allow_unencrypted_assertion": true
}
...
```
The SAML library used is (as stated in the kickstarter) https://www.npmjs.com/package/saml2-js, so all the options mentioned there (for SP and IdP) can be used. Actually, it's our own fork of that package, https://github.com/apim-haufe-io/saml2.
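A way to check the mapping described in the comment above, as an added example that is not part of the original comment and not the project's own code: it reads the HTTP-Redirect `SingleSignOnService` and `SingleLogoutService` locations from IdP metadata and reports where the configured `idpOptions` differ. The metadata sample is constructed (the `IDPSloPOST` endpoint and `entityID` are made up), the function names are hypothetical, and the example assumes the HTTP-Redirect binding shown in the quoted element.

```javascript
// Constructed sample metadata, modeled on the element quoted in the comment above.
const SAMPLE_METADATA = `
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://login.company.com/idp1">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://login.company.com:443/auth/IDPSloPOST/metaAlias/idp1"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.company.com:443/auth/IDPSloRedirect/metaAlias/idp1" ResponseLocation="https://login.company.com:443/auth/IDPSloRedirect/metaAlias/idp1"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.company.com:443/auth/SSORedirect/metaAlias/idp1"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>`;

const REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';

// Collect the attributes of every <[prefix:]name ...> element as plain objects.
function endpoints(xml, name) {
  const tagRe = new RegExp(`<(?:[\\w.-]+:)?${name}\\b([^>]*)>`, 'g');
  return [...xml.matchAll(tagRe)].map((m) => {
    const attrs = {};
    for (const a of m[1].matchAll(/([\w:.-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/g)) {
      attrs[a[1]] = (a[2] ?? a[3]).replace(/&amp;/g, '&');
    }
    return attrs;
  });
}

// Pick the HTTP-Redirect endpoint; fail loudly if it is missing or not HTTPS.
function redirectLocation(xml, name) {
  const hit = endpoints(xml, name).find((e) => e.Binding === REDIRECT);
  if (!hit) throw new Error(`${name}: no HTTP-Redirect endpoint in metadata`);
  if (new URL(hit.Location).protocol !== 'https:') {
    throw new Error(`${name}: refusing non-HTTPS endpoint ${hit.Location}`);
  }
  return hit.Location;
}

// The two URL keys of idpOptions, as the metadata says they should be.
function idpUrlsFromMetadata(xml) {
  return {
    sso_login_url: redirectLocation(xml, 'SingleSignOnService'),
    sso_logout_url: redirectLocation(xml, 'SingleLogoutService'),
  };
}

// List every key where the configured idpOptions disagree with the metadata.
function diffIdpOptions(xml, idpOptions) {
  const expected = idpUrlsFromMetadata(xml);
  return Object.keys(expected)
    .filter((k) => idpOptions[k] !== expected[k])
    .map((k) => `${k}: configured ${idpOptions[k]}, metadata says ${expected[k]}`);
}

console.log(idpUrlsFromMetadata(SAMPLE_METADATA));
```

An empty array from `diffIdpOptions` means the two URL entries in `default.json` match what the IdP publishes.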
Can this be closed?
@miguelpoyatosmora @karthiknaga87 Please help to provide additional information if needed.
Closing this for now. If you still need clarification or additional help, feel free to re-open or to create a new issue.
Hi Martin,
We have successfully created the SAML integration and were able to complete the testing. We thought of sharing our experience:
Thanks again for your wonderful support.
Thanks, Bhuvan.