axelor / axelor-open-suite

The Axelor Open Suite based on Axelor Open Platform
http://axelor.com

SAML #6193

Open ctenot-sekrata opened 3 years ago

ctenot-sekrata commented 3 years ago

Hi,

I'm trying to do a POC, and one of the main points of the POC is the SAML connection… I used to follow the Axelor doc https://docs.axelor.com/adk/5.4/dev-guide/modules/security.html#saml-2-0

and I have:

org.pac4j.saml.exceptions.SAMLException: Cannot find entity http://axelor:8080/axelor/callback?client_name=SAML2Client in metadata provider
org.pac4j.saml.context.SAML2ContextProvider.addContext(SAML2ContextProvider.java:125)
org.pac4j.saml.context.SAML2ContextProvider.addSPContext(SAML2ContextProvider.java:105)
org.pac4j.saml.context.SAML2ContextProvider.buildServiceProviderContext(SAML2ContextProvider.java:68)
org.pac4j.saml.context.SAML2ContextProvider.buildContext(SAML2ContextProvider.java:74)
org.pac4j.saml.redirect.SAML2RedirectActionBuilder.redirect(SAML2RedirectActionBuilder.java:37)
org.pac4j.core.client.IndirectClient.getRedirectAction(IndirectClient.java:109)
org.pac4j.core.client.IndirectClient.redirect(IndirectClient.java:79)
org.pac4j.core.engine.DefaultSecurityLogic.redirectToIdentityProvider(DefaultSecurityLogic.java:217)
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:149)
io.buji.pac4j.filter.SecurityFilter.doFilter(SecurityFilter.java:84)
org.apache.shiro.guice.web.SimpleFilterChain.doFilter(SimpleFilterChain.java:41)
org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:387)
org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
com.axelor.app.internal.AppFilter.doFilter(AppFilter.java:94)
com.google.inject.persist.PersistFilter.doFilter(PersistFilter.java:94)
com.axelor.db.tenants.AbstractTenantFilter.doFilter(AbstractTenantFilter.java:70)
com.axelor.web.servlet.CorsFilter.doFilter(CorsFilter.java:137)
com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:121)
com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:133)

By searching, I have found that there is no key to provide to the Identity Provider and to the Service Provider (IDP & SP) in the documentation. I have also found that if you remove the SP information on your Axelor setup, Axelor will automatically generate an SP file that contains the information that the IDP & SP need. So I added that information and I have the above error. I have also checked the network traffic and I see that the Axelor server does not generate any traffic to the IDP and SP.

So I'm a bit blocked; do you have any idea where to look? From my Axelor experience, it could be a bug.

Ctenot

pdo-axelor commented 3 years ago

SAML was tested and runs fine so far according to several reports.

Your case looks like a configuration issue on the identity provider side: it needs to authorize your client "http://axelor:8080/axelor/callback?client_name=SAML2Client".
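
An added example, not part of this thread and not Axelor or pac4j code: a small check that lists the entity IDs declared in a SAML metadata file and reports whether the ID from the exception above is among them. It assumes entity IDs are compared as exact strings; the sample metadata and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Entity ID copied from the exception message in the issue.
EXPECTED_ID = "http://axelor:8080/axelor/callback?client_name=SAML2Client"

# Constructed sample (not from the issue): the descriptor's entityID lacks
# the ?client_name=... query string, although the ACS Location carries it.
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
  <md:EntityDescriptor entityID="http://axelor:8080/axelor/callback">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AssertionConsumerService index="0"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="http://axelor:8080/axelor/callback?client_name=SAML2Client"/>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def declared_entities(metadata_xml):
    """Map each declared entityID to the ACS locations listed under it."""
    root = ET.fromstring(metadata_xml)
    entities = {}
    # iter() also yields the root, so a bare EntityDescriptor document works.
    for ed in root.iter(MD + "EntityDescriptor"):
        acs = [a.get("Location")
               for a in ed.iter(MD + "AssertionConsumerService")]
        entities[ed.get("entityID", "")] = acs
    return entities


def check_entity(metadata_xml, expected_id):
    """Report an exact match, or the near misses that explain a failed lookup."""
    entities = declared_entities(metadata_xml)

    def norm(uri):  # ignore query string, trailing slash and case
        return uri.split("?", 1)[0].rstrip("/").lower()

    return {
        "found": expected_id in entities,
        "declared": sorted(entities),
        "near_misses": sorted(e for e in entities
                              if e != expected_id and norm(e) == norm(expected_id)),
        "acs_only": sorted(e for e, acs in entities.items()
                           if e != expected_id and expected_id in acs),
    }
```

Running `check_entity` against the metadata actually loaded on each side shows whether the ID is missing outright or differs only in its query string, trailing slash or case.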