SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License

ADFS not responding on SAML request #541

Closed luter24 closed 1 year ago

luter24 commented 1 year ago

Hi to everyone. After the attempt to use SSO authorization with the configured SAML toolkit, I get an error telling me that I'm sending the request with the "http://mysp.mydomain" URI instead of "https://mysp.mydomain", although I set "https" in all the places where it appears.

Here are the trace messages (SAML-tracer):

GET https://idp.mydomain/adfs/ls/saml2/idp/SSOService.php?SAMLRequest=fZJbb%2BIwEIXf%2BRVV3olJYNPGAiRa9oJEATW0D32pjDMBS47t9di9%2FPuamO22lVrLTzNzPp8z8hhZKw2deXdQN%2FDXA7reWTjPrVRIu%2BYk8VZRzVAgVawFpI7Tana9pHk6oMZqp7mWySfZ9yqGCNYJraJsMZ8k69XP5fr3YvUw5EXNy7LYsaK8OIddWfMGYMhGxcVu1ORZU8LwR1mwKL0Di4EzSQI26UUaooeFQseUC%2FVBnvezcIfbbEBHOc3P76N0HsIKxVwnPzhnkBKCDlPrEQVTKRrGgbC6QSKRHFPlRNSGVNW6AvsoOKTmYCJsc9rDpVC1UPvv4%2B%2FiENI%2F2%2B2mv1lX2wiZ%2FVvLlVboW7CnZ25vltFhMLiXRnxyaKTfC4UkmDmaJI3VyhHGsbM37dDjY4d2q7HTr1Fj8n7uv9LQVUixmG%2B0FPylqx%2FPL21b5r4Om6VZVxF1v%2BlGqVdogItGQJ28YWZS6qcrC8zBJHHWQ3JGpr1eNPPxd05fAQ%3D%3D&RelayState=https%3A%2F%2Fmysp.mydomain%2F%3FSSO%3D1&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=E2WsQURphmaMDPlj34BpzQw7IFkZ%2FNl5rKb%2BhtuS%2B6JFGRTkU5w5mVRuVy%2BJ48AozsyDvr9%2F6FOhhVpXWlrW2jrDqkA%2F%2BWijzH1ibIP9mw9RA1E9BxgVRaKymLcRbi%2F6Bpo3LA%2F%2FElAnF9hRouLiIKbvHrWTTR3XWAbOBERqfSxfsINUF0BrPI9aD8Wih5x%2FNOZk4jiqUW1lsg0zujo4AX3B1KZxqbGUxohhsqyxG9swjcgEwAYHUxIL3lglYQvrm%2FoVjP5BN1IIq1YCWHVJ7bA6FPx647pO9JMXH6DTs3oBfuUQXIkhhsqMRVNSl70sj%2FjC2D6%2FOHx2e%2FVp4Ic2MQ%3D%3D HTTP/1.1
Host: idp.mydomain
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Referer: https://mysp.mydomain/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store
Pragma: no-cache
Content-Length: 18911
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age = 31536000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Atlassian-Token: no-check
Access-Control-Allow-Origin: *
X-Frame-Options: DENY
X-MS-Forwarded-Status-Code: 500
Date: Tue, 13 Dec 2022 10:42:24 GMT

Parameters

GET
SAMLRequest: fZJbb+IwEIXf+RVV3olJYNPGAiRa9oJEATW0D32pjDMBS47t9di9/PuamO22lVrLTzNzPp8z8hhZKw2deXdQN/DXA7reWTjPrVRIu+Yk8VZRzVAgVawFpI7Tana9pHk6oMZqp7mWySfZ9yqGCNYJraJsMZ8k69XP5fr3YvUw5EXNy7LYsaK8OIddWfMGYMhGxcVu1ORZU8LwR1mwKL0Di4EzSQI26UUaooeFQseUC/VBnvezcIfbbEBHOc3P76N0HsIKxVwnPzhnkBKCDlPrEQVTKRrGgbC6QSKRHFPlRNSGVNW6AvsoOKTmYCJsc9rDpVC1UPvv4+/iENI/2+2mv1lX2wiZ/VvLlVboW7CnZ25vltFhMLiXRnxyaKTfC4UkmDmaJI3VyhHGsbM37dDjY4d2q7HTr1Fj8n7uv9LQVUixmG+0FPylqx/PL21b5r4Om6VZVxF1v+lGqVdogItGQJ28YWZS6qcrC8zBJHHWQ3JGpr1eNPPxd05fAQ==
RelayState: https://mysp.mydomain/?SSO=1
SigAlg: http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Signature: E2WsQURphmaMDPlj34BpzQw7IFkZ/Nl5rKb+htuS+6JFGRTkU5w5mVRuVy+J48AozsyDvr9/6FOhhVpXWlrW2jrDqkA/+WijzH1ibIP9mw9RA1E9BxgVRaKymLcRbi/6Bpo3LA//ElAnF9hRouLiIKbvHrWTTR3XWAbOBERqfSxfsINUF0BrPI9aD8Wih5x/NOZk4jiqUW1lsg0zujo4AX3B1KZxqbGUxohhsqyxG9swjcgEwAYHUxIL3lglYQvrm/oVjP5BN1IIq1YCWHVJ7bA6FPx647pO9JMXH6DTs3oBfuUQXIkhhsqMRVNSl70sj/jC2D6/OHx2e/Vp4Ic2MQ==

SAML

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="ONELOGIN_3c6dc996ba6987eb9dcfee3a468b4f21f9e3596a"
    Version="2.0"
    IssueInstant="2022-12-13T10:42:27Z"
    Destination="https://idp.mydomain/adfs/ls/saml2/idp/SSOService.php"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://mysp.mydomain/plugins/phpsaml/front/acs.php"

http://mysp.mydomain/
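The quickest way to settle "what did the SP actually send" against "what the settings say" is to decode the SAMLRequest parameter of the HTTP-Redirect URL (base64, then raw DEFLATE) and compare its Issuer and AssertionConsumerServiceURL with the Entity ID and ACS URL the IdP has registered. The script below is an added example, not code from php-saml or from anyone in this thread. The AuthnRequest it encodes is constructed to mirror the shape of the one in the trace above (the ID, timestamp and NameIDPolicy are made up), and the "registered" values are assumed to be the https:// ones the poster intended to configure.

```python
"""Decode an HTTP-Redirect SAMLRequest and check it against the SP registration.

Added example: constructed input, not php-saml code or a real capture.
"""
from __future__ import annotations

import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Values the IdP is assumed to have registered for this SP (assumption, from the thread).
IDP_SSO_URL = "https://idp.mydomain/adfs/ls/saml2/idp/SSOService.php"
REGISTERED_ENTITY_ID = "https://mysp.mydomain/"
REGISTERED_ACS_URLS = {"https://mysp.mydomain/plugins/phpsaml/front/acs.php"}


def decode_redirect_saml_request(value: str) -> str:
    """Undo the HTTP-Redirect binding encoding: base64 -> raw DEFLATE -> XML text."""
    raw = base64.b64decode(value)
    # wbits=-15 selects a raw DEFLATE stream with no zlib header, as the binding requires.
    return zlib.decompress(raw, -15).decode("utf-8")


def encode_redirect_saml_request(xml_text: str) -> str:
    """What an SP does on the way out (raw DEFLATE, then base64); used here to build input."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def build_authn_request(issuer: str, acs_url: str, destination: str) -> str:
    """Constructed AuthnRequest in the shape php-saml emits; ID and timestamp are made up."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" '
        'ID="ONELOGIN_example" Version="2.0" IssueInstant="2022-12-13T10:42:27Z" '
        f'Destination="{destination}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{acs_url}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" '
        'AllowCreate="true"/>'
        "</samlp:AuthnRequest>"
    )


def inspect_authn_request(xml_text: str) -> dict:
    """Extract the fields an IdP matches against its relying-party registration."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS_SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    issuer = root.find(f"{{{NS_SAML}}}Issuer")
    return {
        "issuer": (issuer.text or "").strip() if issuer is not None else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "destination": root.get("Destination"),
        "binding": root.get("ProtocolBinding"),
    }


def check_against_registration(info: dict, entity_id: str, acs_urls: set[str]) -> list[str]:
    """List every way the request disagrees with what the IdP has registered.

    Comparison is exact on purpose: http:// and https:// forms of the same host are
    different identifiers to the IdP, not near misses.
    """
    problems: list[str] = []
    for name, value in (("issuer", info["issuer"]), ("acs_url", info["acs_url"])):
        if not value:
            problems.append(f"{name} missing from request")
        elif urlparse(value).scheme != "https":
            problems.append(f"{name} is not https: {value}")
    if info["issuer"] and info["issuer"] != entity_id:
        problems.append(f"issuer {info['issuer']!r} != registered entity ID {entity_id!r}")
    if info["acs_url"] and info["acs_url"] not in acs_urls:
        problems.append(f"ACS {info['acs_url']!r} not among registered ACS URLs")
    return problems


def analyze_sso_url(url: str, entity_id: str, acs_urls: set[str]) -> tuple[dict, list[str]]:
    """Take the full redirect URL from a tracer, decode SAMLRequest, and report mismatches."""
    params = parse_qs(urlparse(url).query)
    xml_text = decode_redirect_saml_request(params["SAMLRequest"][0])
    info = inspect_authn_request(xml_text)
    return info, check_against_registration(info, entity_id, acs_urls)


def demo_request_url(issuer: str, acs_url: str) -> str:
    """Build a redirect URL the way an SP would, for the given issuer and ACS (constructed)."""
    xml_text = build_authn_request(issuer, acs_url, IDP_SSO_URL)
    query = urlencode({
        "SAMLRequest": encode_redirect_saml_request(xml_text),
        "RelayState": "https://mysp.mydomain/?SSO=1",
    })
    return f"{IDP_SSO_URL}?{query}"


if __name__ == "__main__":
    # Same scheme mismatch as in the thread: settings say https, request says http.
    url = demo_request_url("http://mysp.mydomain/",
                           "http://mysp.mydomain/plugins/phpsaml/front/acs.php")
    info, problems = analyze_sso_url(url, REGISTERED_ENTITY_ID, REGISTERED_ACS_URLS)
    print(info)
    for problem in problems:
        print("MISMATCH:", problem)
```

Paste the GET URL from SAML-tracer into `analyze_sso_url` in place of the constructed one. If the decoded Issuer or ACS still reads http:// while the settings file says https://, the toolkit is being handed different settings than the ones being edited (for instance a plugin computing its base URL from the incoming request), and that is where to look before touching the IdP side. The trace above also carries X-MS-Forwarded-Status-Code: 500 on the 200 response, that is, ADFS rendered its error page rather than a login form.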
pitbulk commented 1 year ago

Can you confirm the SP metadata was properly registered at ADFS? (make sure the SP Entity ID and Assertion Consumer Service are properly registered)

pitbulk commented 1 year ago

@luter24 are you still experiencing the issue?