OneUptime / oneuptime

OneUptime is the complete open-source observability platform.
https://oneuptime.com
Apache License 2.0

Bug: Unable to configure Keycloak SSO #1406

Open praveen-livspace opened 6 months ago

praveen-livspace commented 6 months ago

Describe the bug
Signature validation fails when authenticating with Keycloak.


2024-05-14 17:01:30.750  Error: error:1E08010C:DECODER routines::unsupported
2024-05-14 17:01:30.750      at Verify.verify (node:internal/crypto/sig:224:24)
2024-05-14 17:01:30.750      at RSASHA256.verifySignature (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:116:24)
2024-05-14 17:01:30.750      at SignedXml.validateSignatureValue (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:442:20)
2024-05-14 17:01:30.750      at SignedXml.checkSignature (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:376:15)
2024-05-14 17:01:30.750      at Function.isSignatureValid (/usr/src/app/FeatureSet/Identity/Utils/SSO.ts:138:38)
2024-05-14 17:01:30.750      at loginUserWithSso (/usr/src/app/FeatureSet/Identity/API/SSO.ts:247:26)
2024-05-14 17:01:30.750      at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-05-14 17:01:30.750      at async /usr/src/app/FeatureSet/Identity/API/SSO.ts:134:16 {
2024-05-14 17:01:30.750    library: 'DECODER routines',
2024-05-14 17:01:30.750    reason: 'unsupported',
2024-05-14 17:01:30.750    code: 'ERR_OSSL_UNSUPPORTED'
2024-05-14 17:01:30.750  }
2024-05-14 17:01:30.751  BadRequestException [Error]: Signature is not valid or Public Certificate configured with this SSO provider is not valid
2024-05-14 17:01:30.751      at loginUserWithSso (/usr/src/app/FeatureSet/Identity/API/SSO.ts:255:21)
2024-05-14 17:01:30.751      at processTicksAndRejections (node:internal/process/task_queues:95:5)
2024-05-14 17:01:30.751      at async /usr/src/app/FeatureSet/Identity/API/SSO.ts:134:16 {
2024-05-14 17:01:30.751    _code: 400
2024-05-14 17:01:30.751  }

To Reproduce
Steps to reproduce the behavior:

  1. Configure SAML SSO for any project using Keycloak.
  2. Configure the details.
  3. Try logging in using the test link.
  4. See the error.

Expected behavior
The user should be able to log in.

Deployment Type
Self Hosted: 7.0.2270

simlarsen commented 6 months ago

Are you sure you're using the correct signature method? It looks like you're using SHA-256. Did you try the others? Did you also include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines in your SSO config with OneUptime?