Closed mattzell closed 11 months ago
Ah interesting, that makes sense to be configurable
I too am suffering from the exact issue. The shellngn server simply responds with the following:
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}
Is there any workaround?
To my understanding it needs to come from the post request that originates from Authentik. I believe this is why it was tagged as an enhancement.
If you would like to enter directly from the Authentik User page, currently the workaround is to change the application URL to just the shellngn install main page and click "Company Login (SSO)"
Can you show what fields need to be changed with screenshots? I tried to just remove the "saml/assert" section from the ACS url but then it just says "Not found"
Inside shellngn SSO settings, make sure shellngn URL is properly set.
Make note of the Assertion Consumer URL and Entity Id.
Inside the SAML provider inside Authentik you need the following:
- Assertion Consumer URL: from shellngn
- Entity Id: from shellngn
Advanced protocol settings:
- name: will be inside of shellngn, for my usage I chose authentik default SAML Mapping: Email; this is up to you
On Authentik, download the Signing Certificate from the SAML provider page.
Make note of the SSO URL (Redirect) and SLO URL (Redirect).
Go back to shellngn SSO options:
- SSO URL (Redirect): from Authentik SAML provider page
- SLO URL (Redirect): from Authentik SAML provider page
As long as the Authentik SAML provider is assigned to an application you should be able to initiate SSO from the shellngn login page (not the Authentik user interface)
Logging in from the shellngn login page is SP-initiated (service provider) SSO, that is not what this issue is referencing.
Logging in from the Authentik User Interface page is IdP-initiated (Identity Provider) SSO, which is what this issue is in regard to. If you click on your application within the Authentik User Interface and not on the shellngn login page this method will still not work for you.
Hope this clears things up.
This is also required for RingCentral
I am attempting to use SAML IDP-Initiated login (from Authentik User Interface page to Service Provider) to log into an application that requires a Relay State be set as a query param on the login.
The software that I am trying to authenticate using SAML is called Shellngn https://www.shellngn.com/ . Their support indicated that we'll need to set a default relay_state to be sent along with the POST request that is sent to the ACS url of Shellngn. The default value that is required is {"organizationId":1}. They provided a screenshot of where this configuration exists in Okta.
Currently when getting to the POST step in the authentication process we are getting a 500 error in response from Shellngn and we believe the absence of this relay_state to be the cause of this error. Is there any way to set this in authentik for IDP-initiated logins?
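The POST step described in this issue, as an added example that is not part of the original thread and is neither authentik's nor Shellngn's code: an IdP-side form builder that carries a JSON RelayState safely, and a hypothetical SP-side handler that answers a missing or malformed RelayState with a 400 rather than a 500. The host name, function names and handler behaviour are assumptions; only the relay state value and the `saml/assert` path come from the thread.

```python
import base64
import html
import json
from urllib.parse import parse_qs, urlencode

# Constructed sample values; the host name is a placeholder, not from the issue.
ACS_URL = "https://shellngn.example/saml/assert"
RELAY_STATE = '{"organizationId":1}'  # default value quoted in the issue

def build_post_form(acs_url, response_xml, relay_state):
    """IdP side: hidden-field form used by the SAML HTTP-POST binding."""
    if len(relay_state.encode()) > 80:  # length limit from the SAML bindings spec
        raise ValueError("RelayState exceeds 80 bytes")
    fields = {
        "SAMLResponse": base64.b64encode(response_xml.encode()).decode(),
        "RelayState": relay_state,
    }
    # html.escape turns the JSON double quotes into &quot; so they cannot
    # terminate the value attribute and truncate or alter the field.
    inputs = "".join(
        f'<input type="hidden" name="{k}" value="{html.escape(v)}"/>'
        for k, v in fields.items()
    )
    return f'<form method="post" action="{html.escape(acs_url)}">{inputs}</form>'

def encode_post_body(response_xml, relay_state=None):
    """What the browser submits: form-encoded fields, RelayState optional."""
    fields = {"SAMLResponse": base64.b64encode(response_xml.encode()).decode()}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    return urlencode(fields)

def handle_acs_post(body):
    """Hypothetical SP side: (status, detail) for a form-encoded ACS POST.

    Signature and assertion validation are out of scope here.
    """
    form = parse_qs(body, keep_blank_values=True)
    if "SAMLResponse" not in form:
        return 400, "missing SAMLResponse"
    raw = form.get("RelayState", [""])[0]
    try:
        org = json.loads(raw)["organizationId"]
    except (ValueError, KeyError, TypeError):
        return 400, "missing or malformed RelayState"
    if isinstance(org, bool) or not isinstance(org, int):
        return 400, "organizationId must be an integer"
    return 200, f"organization {org}"
```

Because an IdP-initiated RelayState arrives in an unsolicited POST, the SP side should treat it as untrusted input and check the organization against the validated assertion before acting on it.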