Closed jesseadams closed 2 years ago
@derricksmith I saw in other issues you asked reporters to install the SAML Tracer extension and post a log of the process. I went ahead and did that. I did mask domain names and user names as example.com and First Last.
https://gist.github.com/jesseadams/7f4e3e3ba80042b44ed75d5dfae175ee
Please let me know if I can do anything else.
Thanks!
We ended up using a reverse proxy in Azure to get around the need for SAML.
First of all, thank you for your work on this plugin. I appreciate you.
We are trying out GLPI and this plugin with Azure AD for SSO to see if it is a viable solution. We are having an issue getting a valid SAML response from Azure AD. Once we attempt to log in, upon being redirected we see 2 error messages on the redirect page.

- Invalid SAML Response (with a link to log in again)
- The response was received at http://REDACTED/plugins/phpsaml/front/acs.php instead of https://REDACTED/plugins/phpsaml/front/acs.php
We are also having issues with the Name ID Format setting persisting. If you update it to a value other than Unspecified, submit the change, and then come back, it is set to Unspecified once again even though the update appeared successful.
A couple notes on our setup: We have a single t3.small EC2 instance running nginx on Amazon Linux deployed to AWS behind an ALB pointing to a db.t3.micro MySQL RDS instance. The ALB is terminating a valid ACM generated wildcard SSL certificate and the communication between the ALB and the EC2 instance is over plaintext on port 80. Please let me know if you need any other logs, information, or if I can somehow provide additional diagnostic information that would be helpful in troubleshooting this issue.
Thanks!
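
Added example, not part of the original issue and not code from the phpsaml plugin: a PHP illustration of why a service provider behind a TLS-terminating load balancer computes an `http://` URL for the ACS endpoint, and how the scheme can be taken from `X-Forwarded-Proto` only when the connection comes from the load balancer. The function names, the `10.0.0.0/16` proxy range, the host name and the sample requests are assumptions constructed for the illustration.

```php
<?php
// Added example: not code from the phpsaml plugin. Names and values are assumptions.
const TRUSTED_PROXY_CIDRS = ['10.0.0.0/16']; // constructed range standing in for the ALB subnets

function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false) {
        return false; // not IPv4; this example handles IPv4 only
    }
    $mask = ((int) $bits === 0) ? 0 : (~0 << (32 - (int) $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Scheme the client actually used. X-Forwarded-Proto is honored only when the
// TCP peer is a trusted proxy, so a client connecting directly cannot spoof it.
function effectiveScheme(array $server): string
{
    $direct = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    $forwarded = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    if (!in_array($forwarded, ['http', 'https'], true)) {
        return $direct;
    }
    foreach (TRUSTED_PROXY_CIDRS as $cidr) {
        if (ipInCidr($server['REMOTE_ADDR'] ?? '', $cidr)) {
            return $forwarded;
        }
    }
    return $direct;
}

// URL the service provider believes the SAML response arrived at.
function receivedAt(array $server): string
{
    $path = strtok($server['REQUEST_URI'], '?');
    return effectiveScheme($server) . '://' . $server['HTTP_HOST'] . $path;
}

// Constructed requests: PHP sees plaintext on port 80 in both cases.
$destination = 'https://glpi.example.com/plugins/phpsaml/front/acs.php';
$base = ['HTTP_HOST' => 'glpi.example.com', 'REQUEST_URI' => '/plugins/phpsaml/front/acs.php',
         'HTTP_X_FORWARDED_PROTO' => 'https'];
$viaAlb = $base + ['REMOTE_ADDR' => '10.0.1.25'];   // peer inside the trusted range
$direct = $base + ['REMOTE_ADDR' => '203.0.113.9']; // peer outside it, header ignored

var_dump(receivedAt($viaAlb) === $destination);
var_dump(receivedAt($direct) === $destination);
```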