What is "translation missing: en.error_saml_invalid_ticket"??

[nousagi111]

I am using your OmniAuth SAML plugin for Bitnami Redmine SSO provisioning with an IDP. Redmine version - 3.0.3, Ruby version - 2.0.0, Rails version - 4.2.1,Gems version - 2.0.14

When a login request is sent, below error massage is created

"translation missing: en.error_saml_invalid_ticket"

Production log is below(some information is masked as XXX)

Started GET "/auth/saml?origin=https%3A%2F%2FXXX.XXX.XXX.XXX%2F" for XXX.XXX.XXX.XXX at 2015-08-06 16:10:47 +0900 Started POST "/auth/saml/callback" for XXX.XXX.XXX.XXX at 2015-08-06 16:12:04 +0900 Started GET "/auth/failure?message=invalid_ticket&strategy=saml" for 170.248.146.33 at 2015-08-06 16:12:04 +0900 Processing by AccountController#login_with_saml_failure as HTML Parameters: {"message"=>"invalid_ticket", "strategy"=>"saml"} Current user: anonymous Redirected to https://www.XXXXXX Completed 302 Found in 6ms (ActiveRecord: 0.4ms) Started GET "/login" for XXX.XXX.XXX.XXX at 2015-08-06 16:12:04 +0900 Processing by AccountController#login as HTML Current user: anonymous Rendered plugins/redmine_omniauth_saml/app/views/redmine_omniauth_saml/_view_account_login_top.html.erb (0.9ms) Rendered account/login.html.erb within layouts/base (2.2ms)

Completed 200 OK in 12ms (Views: 8.8ms | ActiveRecord: 0.3ms)

I don't know what is trigger of this error massage. I guess it's not about language error. I think it is connection error. I think I should write IdP's token(Public Key) other place. Now I wrote token on saml.rb like below

:idp_cert_fingerprint           => "MIIFKzCCBBOgAwIBAgIQDErRv....

Is it wrong?? I would like to know it is correct or not.

Regards,

Yoshito

[chrodriguez]

This error is from SAML. Check the following:

• Both systems (redmine & IDP) have the same time: clocks need to be in sync
• Is the certificate fingerprint you mention above the one provided by SAML IDP?
  • You can get a certificate's fingerprint with: openssl x509 -noout -in cert_file.crt -fingerprint

Let me know if you find the problem

[jchysk]

I'm receiving the same translation missing error when I'm sent back to the redmine from the IDP. This is what is in the log:

E, [2015-12-14T22:43:01.997435 #1] ERROR -- omniauth: (saml) Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, Element '{urn:oasis:names:tc:SAML:2.0:assertion}AttributeValue', attribute '{http://www.w3.org/2001/XMLSchema-instance}type': The QName value 'xs:string' has no corresponding namespace declaration in scope.

[chrodriguez]

It seems to be a malformed idp_cert_fingerprint, have you solved the issue? I close this issue. Please reopen if needed