boxyhq / mock-saml

A simple mock SAML 2.0 Identity Provider
https://mocksaml.com
Apache License 2.0

500 error on /api/saml/auth: Can't create duplicate variable contentOriginal #568

Closed nbennett25 closed 4 months ago

nbennett25 commented 4 months ago

Hi - Just starting out with the boxyhq/mock-saml Docker image, so it may be a configuration error:

When I go to the app's login page (mapped to port 8000), I'm redirected to the SAML container's login page (mapped to port 4000):

[screenshot omitted: Screen Shot 2024-04-03 at 10:47:28 AM]

After changing the ACS link to my local app instance, clicking 'Sign In' yields an 'Error in getting SAML response' error, and the console reports a 500 error at the container's /api/saml/auth endpoint, followed by a JS syntax error, [Error] SyntaxError: Can't create duplicate variable: 'contentOriginal', which looks like it's in a versioned login.js file:

[screenshot omitted: Screen Shot 2024-04-03 at 10:48:00 AM]

From the documentation, I believe I have everything set up properly (but I'm happy to provide additional details if it would be helpful). Any help appreciated.

deepakprabhakara commented 4 months ago

You seem to be going to the IdP login page of Mock SAML; for SP login, use the SP metadata details from api/saml/metadata.

nbennett25 commented 4 months ago

thx @deepakprabhakara - shouldn't the SP (the app) be sending the login request to the IdP (Mock SAML container), the user logs in, then the SAML container sends the SAML payload back to the SP, which then redirects back to the main SP page..? The screenshot of the login page is on localhost:4000 (the docker container).

fwiw, I tried using the straight non-docker version and am getting the same error on the auth endpoint.

deepakprabhakara commented 4 months ago

That's correct. Your app (SP) sends a SAML request to Mock SAML, which then logs the user in and sends a SAML response back to the SP. But you are ending up on the IdP login screen instead of the SP login screen of Mock SAML for some reason. Please check that your SAML request is using the correct SSO URL (api/saml/sso).

nbennett25 commented 4 months ago

Ok - thanks for the quick reply @deepakprabhakara. I'll take a look at the settings in the SP and update the ticket if I make progress.

nbennett25 commented 4 months ago

Ah - I think it might be erroring on the cert:

Compiled /api/saml/auth in 46ms (147 modules)
 ⨯ Error: error:1E08010C:DECODER routines::unsupported
    at Sign.sign (node:internal/crypto/sig:128:29)
    at []mock-saml/node_modules/xml-crypto/lib/signature-algorithms.js:31:32
    at RsaSha256.getSignature (/[]/mock-saml/node_modules/xml-crypto/lib/types.js:52:20)

I generated the certs with ed25519, not RSA-SHA256.

nbennett25 commented 4 months ago

That did it! thx @deepakprabhakara - I created the SSH keys using the commands in the comments in the .env.example file, and that bounced me back to the app after logging in using the IdP at 4000. I think my only request would be to surface the commands to create the SSH key from the .env.example file into the README.md, just so users are aware of which algorithm to use.

deepakprabhakara commented 4 months ago

That makes sense, we'll add it to the docs. cc: @niwsa