ls1intum / Artemis

Artemis - Interactive Learning with Automated Feedback
https://docs.artemis.cit.tum.de
MIT License

Login with SAML 2.0 => User does not exist in the Artemis database! #9627

Open manhlt1990 opened 4 weeks ago

manhlt1990 commented 4 weeks ago

Describe the bug

I have configured the SAML information in application-saml2.yml, but after I logged in successfully and was redirected to the website, it shows the message: User does not exist in the Artemis database!

my debug on website image

To Reproduce

my setting in application-saml2.yml image

my SAML config image

Expected behavior

Logged in successfully to the website

Screenshots

image

Which version of Artemis are you seeing the problem on?

7.6.4

What browsers are you seeing the problem on?

Chrome

Additional context

No response

Relevant log output

No response

dfuchss commented 3 weeks ago

What logs exist in the backend? For us, 7.5.6 is working with SAML2 :)

manhlt1990 commented 3 weeks ago

Hi @dfuchss, this is the log that I logged in my application. Please kindly help me check.

Failed to match Issuer to any supplied valid issuers: [https://sts.windows.net/5e7932e1-2749-46ea-929c-b1bc12bf180b/] Found 3 validation errors in SAML response [_b245de51-b3fa-4a58-aab5-09fdc19d172d]: [[invalid_signature] Invalid signature for object [_b245de51-b3fa-4a58-aab5-09fdc19d172d], [invalid_issuer] Invalid issuer [https://sts.windows.net/5e7932e1-2749-46ea-929c-b1bc12bf180b/a2082341-9946-4611-9b5d-bf0e6cbe5a8c] for SAML response [_b245de51-b3fa-4a58-aab5-09fdc19d172d], [invalid_assertion] Invalid assertion [_86402408-63fd-40e4-a945-33ae59680b00] for SAML response [_b245de51-b3fa-4a58-aab5-09fdc19d172d]: Issuer of Assertion '_86402408-63fd-40e4-a945-33ae59680b00' did not match any valid issuers]

This is the SAML response information: image

dfuchss commented 3 weeks ago

Could you also provide the log of Artemis? Is there anything in particular regarding SAML?

dfuchss commented 3 weeks ago

Especially, the error "user does not exist" in the backend is interesting because the user will be created during first login. Maybe connecting a debugger to the instance and adding a breakpoint to the Saml2Service provides the needed insights.

manhlt1990 commented 3 weeks ago

Hi @dfuchss, I fixed it with a workaround by updating the code, because I am using SAML authentication with Microsoft Entra ID, which has a different EntityID in the asserting party and the RelyingParty.

I think we need to have a config option in the application-saml2 file, like entityId-asserting-detail

image
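As an added example (not code from this thread or from Artemis), the following diagnostic decodes a captured SAMLResponse form value and compares the Issuer of the response and of each assertion against the configured asserting-party entity ID, using the exact string match that the `invalid_issuer` error in the log above reflects. It inspects issuers only and does not verify the signature, which the same log also reports as invalid. The function names, the placeholder entity IDs and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def issuers(saml_response_b64):
    """Return (response_issuer, [assertion_issuers]) from a base64 SAMLResponse value."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    resp = root.find("saml:Issuer", NS)  # direct child of <samlp:Response>
    resp_issuer = resp.text.strip() if resp is not None and resp.text else None
    assertion_issuers = [
        a.findtext("saml:Issuer", default="", namespaces=NS).strip()
        for a in root.findall("saml:Assertion", NS)
    ]
    return resp_issuer, assertion_issuers

def check_issuers(saml_response_b64, expected_entity_id):
    """List every issuer that differs from the configured entity ID.

    Entity IDs are compared as opaque strings: a trailing slash or an
    extra path segment counts as a mismatch.
    """
    resp_issuer, assertion_issuers = issuers(saml_response_b64)
    problems = []
    if resp_issuer is not None and resp_issuer != expected_entity_id:
        problems.append(("response", resp_issuer))
    problems += [("assertion", i) for i in assertion_issuers if i != expected_entity_id]
    return problems

# Constructed sample: placeholder IDs, unsigned, for offline use only.
CONFIGURED = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/"
SENT = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/SECOND-ID-PLACEHOLDER"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1">
  <saml:Issuer>{SENT}</saml:Issuer>
  <saml:Assertion ID="_a1"><saml:Issuer>{SENT}</saml:Issuer></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for where, value in check_issuers(SAMPLE_B64, CONFIGURED):
        print(f"{where} issuer {value!r} != configured {CONFIGURED!r}")
```

An empty result means the configured entity ID already matches what the identity provider sends, so the validation failure lies elsewhere, for example in the signing certificate.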