Invalid_response error on login persist

morincer / teamcity-plugin-saml

The plug-in adds ability to authenticate users by SAML-based SSO providers (like Okta, Onelogin etc.)

MIT License

24 stars 16 forks source link

Invalid_response error on login persist #135

Open mitchflores opened 3 months ago

mitchflores commented 3 months ago

Problem: Persistent - Invalid_response error on login

Environment details:

Version: TeamCity Enterprise 2023.11 (build 147331)
IdP Config:
SP Metadata:
teamcity-auth.log collected:

Additional Info:

We are running TC server using docker container.
docker-compose.yml
.env file
With NGINX reverse proxy in front of it.

mitchflores commented 2 months ago

We have resolve this issue by creating a new enterprise application in Azure Entra, and configure basic SAML from the ground up. It turns out that the issue was due to our existing enterprise application was configured completely different from the guide. It was configured with openid connect and oauth as oppose to basic SAML from the guide instruction. We had the Identifier (Entity ID) set to the Application ID, whereas the SAML settings expects it to be same with callback URL.