chrodriguez / redmine_omniauth_saml

Plugin that adds SAML authentication support for "Redmine"
GNU General Public License v2.0

Redmine 3.2.0 - IdP Shibboleth 3 - 404 error #9

Closed adunare closed 8 years ago

adunare commented 8 years ago

Hello,

First of all, thanks for sharing your redmine plugin. I'm using your OmniAuth SAML plugin for Redmine SSO provisioning with an IdP Shibboleth 3.

Here's what I did to install the redmine_omniauth_saml plugin:

$ cd /var/www/redmine/plugins
$ git clone https://github.com/chrodriguez/redmine_omniauth_saml.git
$ cd ..
# now in /var/www/redmine, so paths are relative to the Redmine root
$ chown -R redmine:redmine plugins/
$ cd plugins/redmine_omniauth_saml
$ mkdir -p config/initializers/
$ vim config/initializers/saml.rb
# bundle and rake run from the Redmine root
$ cd /var/www/redmine
$ bundle install --without development test rmagick
$ bundle exec rake redmine:plugins:migrate RAILS_ENV="production"
$ sudo service httpd restart

Here's my saml.rb config:

Redmine::OmniAuthSAML::Base.configure do |config|
  config.saml = {
    :assertion_consumer_service_url => "http://redminesrv.mydomain.com",                         # My Redmine Server
    :issuer                         => "http://redminesrv.mydomain.com",
    :idp_sso_target_url             => "https://idp.mydomain.com/idp/profile/SAML2/POST/SSO",    # URL used to send the assertion (URL from the IdP metadata)
    :idp_cert_fingerprint           => "DE:84:0E:C9:57:CE:F9:73:......",                         # My IdP certificate SHA1 fingerprint
    :name_identifier_format         => "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
    :signout_url                    => "https://idp.mydomain.com/idp/profile/SAML2/POST/SLO",    # SLO URL taken from the IdP
    :idp_slo_target_url             => "https://idp.mydomain.com/idp/profile/SAML2/POST/SLO",    # SLO URL taken from the IdP
    :name_identifier_value          => "uid",                                                    # attribute used to authenticate domain users with Shibboleth
    :attribute_mapping              => {
    # How will we map attributes from SSO to redmine attributes
      :login      => 'extra.raw_info.username',
      :firstname  => 'extra.raw_info.first_name',
      :lastname   => 'extra.raw_info.last_name',
      :mail       => 'extra.raw_info.email'
    }
  }

  config.on_login do |omniauth_hash, user|
    # Implement any hook you want here
  end
end

When I click on the SAML authentication button, the error message below is written to my production.log:

Started GET "/auth/saml?origin=http%3A%2F%2Fredminesrv.mydomain.com%2F" for 192.168.253.44 at 2015-12-24 11:39:40 +0100
Processing by AccountController#login_with_saml_redirect as HTML
  Parameters: {"origin"=>"http://redminesrv.mydomain.com/", "provider"=>"saml"}
  Current user: anonymous
  Rendered text template (0.0ms)
Completed 404 Not Found in 3ms (Views: 0.5ms | ActiveRecord: 0.5ms)
Started GET "/auth/saml" for 192.168.253.44 at 2015-12-24 11:39:52 +0100
Processing by AccountController#login_with_saml_redirect as HTML
  Parameters: {"provider"=>"saml"}
  Current user: anonymous
  Rendered text template (0.0ms)
Completed 404 Not Found in 6ms (Views: 0.7ms | ActiveRecord: 0.8ms)

Could you confirm that the "redmine_omniauth_saml" plugin is the Service Provider? If so, how can I access the SP metadata? I have to send it to the Shibboleth 3 IdP in order to create the trust relationship between my IdP and my Redmine server.

Thanks in advance for your assistance!

fontanon commented 8 years ago

@adunare I'm affected in exactly the same way as you. I'm using the same Redmine and plugin versions (3.2stable and 0.0.1).

Did you get redmine_omniauth_saml working in the end?

chrodriguez commented 8 years ago

I'm closing the issue. Please reopen it if you still have the problem.
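
On the SP metadata asked about in the first post: the following is an added example, not part of the thread and not the plugin's own code. It builds a minimal SAML 2.0 SP metadata document from the settings hash shown above and flags values worth fixing before handing it to the IdP. The helper names are hypothetical, and the expected `/auth/saml/callback` path assumes OmniAuth's default callback route for a provider named `saml`.

```ruby
require "uri"

# Added example; helper names are hypothetical, not part of the plugin.
MD_NS     = "urn:oasis:names:tc:SAML:2.0:metadata"
PROTOCOL  = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Warnings for SP settings worth fixing before the metadata goes to the IdP.
# Assumption: OmniAuth's default callback route for a provider named "saml".
def sp_setting_warnings(saml, callback_path: "/auth/saml/callback")
  warnings = []
  acs = URI.parse(saml.fetch(:assertion_consumer_service_url))
  unless acs.scheme == "https"
    warnings << "ACS URL is not HTTPS: assertions would be POSTed over plain HTTP"
  end
  unless acs.path == callback_path
    warnings << "ACS URL path is #{acs.path.inspect}, expected #{callback_path.inspect}"
  end
  warnings << "issuer (entityID) is empty" if saml[:issuer].to_s.empty?
  warnings
end

# Minimal SAML 2.0 SP metadata: entityID, NameIDFormat, one HTTP-POST ACS endpoint.
def sp_metadata_xml(saml)
  entity = saml.fetch(:issuer).encode(xml: :attr) # escaped and double-quoted
  acs    = saml.fetch(:assertion_consumer_service_url).encode(xml: :attr)
  nameid = saml[:name_identifier_format]
  xml = []
  xml << %(<md:EntityDescriptor xmlns:md="#{MD_NS}" entityID=#{entity}>)
  xml << %(  <md:SPSSODescriptor protocolSupportEnumeration="#{PROTOCOL}">)
  xml << "    <md:NameIDFormat>#{nameid.encode(xml: :text)}</md:NameIDFormat>" if nameid
  xml << %(    <md:AssertionConsumerService Binding="#{HTTP_POST}" Location=#{acs} index="0" isDefault="true"/>)
  xml << "  </md:SPSSODescriptor>"
  xml << "</md:EntityDescriptor>"
  xml.join("\n")
end

# Values as posted in the issue (placeholders for the reporter's real hosts).
POSTED = {
  assertion_consumer_service_url: "http://redminesrv.mydomain.com",
  issuer: "http://redminesrv.mydomain.com",
  name_identifier_format: "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
}.freeze
# Constructed variant: HTTPS plus the assumed callback path.
CHECKED = POSTED.merge(
  assertion_consumer_service_url: "https://redminesrv.mydomain.com/auth/saml/callback"
).freeze

puts sp_setting_warnings(POSTED), sp_metadata_xml(CHECKED) if __FILE__ == $PROGRAM_NAME
```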