nbgrp / onelogin-saml-bundle

OneLogin SAML Symfony Bundle
BSD 3-Clause "New" or "Revised" License

ADFS Problem #43

Open Abudi7 opened 8 months ago

Abudi7 commented 8 months ago

We get an error when using an ADFS server as IdP. Error details: Found invalid data while decoding.

What do we have to configure to get the ADFS server working? Thanks for your help.

a-menshchikov commented 8 months ago

Hi @Abudi7. Could you show your configuration of the onelogin-saml-bundle + the stack trace of that error?

Abudi7 commented 8 months ago

Hi @a-menshchikov, it is the basic configuration like in the documentation on GitHub.

```yaml
nbgrp_onelogin_saml:
    onelogin_settings:
        default:
            # Mandatory SAML settings
            idp:
                entityId: 'http://adfs.my-domain.com/adfs/services/trust'
                singleSignOnService:
                    url: 'https://adfs.my-domain.com/adfs/ls/'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                singleLogoutService:
                    url: 'https://adfs.my-domain.com/adfs/ls/'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                x509cert: '<certificate omitted>'
            sp:
                entityId: 'https://imp-dev.my-domain.com/saml/metadata'  #  Default: '<request_scheme_and_host>/saml/metadata'
                assertionConsumerService:
                    url: 'https://imp-dev.my-domain.com/saml/acs'  #  Default: '<request_scheme_and_host>/saml/acs'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
                singleLogoutService:
                    url: 'https://imp-dev.my-domain.com/saml/logout'  #  Default: '<request_scheme_and_host>/saml/logout'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                privateKey: 'MIIEvQIBAgdfgdfgU7A1Mds8DMmP7pBtH85F7CjD79WSNYTmkOWay4UQKBgEwK49te+NddST5Gpfso52eADTm5SCZcOgYdU8/8IS5JZoOtlV6axQWXV/e2rSrmq1YsFxRT32eidjBi8gUcM4LoUPYzJYWmKku9uidVShesD/K2a9PpFRzuf8CKr28q7uN+Dc3JE9dwWgmGGKXmcvGJbXi0qqZlibS29y5LzJyRAoGBAKleHMOip84ZmDy90Mk7bo6adO9VzeUHs+T3gxukHsLbicSEzc0JeAg9QmxHi+75IC5XVNayI5jKkwTnKFb0dZaIi26B0PJZiBIDgdLk1/+xiAUNp/sA7ZRruFiCCkAtoJZrQU7+PXlDrDOa5OLn55qtT6Ty1Si0XX5QtTLgtSexAoGAWVy7L9IXUT84oKn3V2QqpLuNjAzDkIG8fLO1ZL3H0l/rEeDaJ3IIV6xIPbvR9FUygR9RDfhbJbMMRvwjxtiPGn6yK2HVz1pM/1+A4IL8UF7cLdwqReohigBWDv7f3S+g+DbK4rAmyGr+DTHQPr3kSX4dkwfTynMOQc7yPMgxJn8='
                x509cert: '<certificate omitted>'
            # Optional SAML settings
            baseurl: 'https://imp-dev.my-domain.com/saml/'  #  Default: '<request_scheme_and_host>/saml/'
            strict: true
            debug: true
            security:
                nameIdEncrypted: false
                authnRequestsSigned: true
                logoutRequestSigned: false
                logoutResponseSigned: false
                signMetadata: false
                wantMessagesSigned: false
                wantAssertionsEncrypted: false
                wantAssertionsSigned: false
                wantNameId: false
                wantNameIdEncrypted: false
                requestedAuthnContext: true
                wantXMLValidation: false
                relaxDestinationValidation: true
                destinationStrictlyMatches: true
                allowRepeatAttributeName: false
                rejectUnsolicitedResponsesWithInResponseTo: false
                signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
                digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
                encryption_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
                lowercaseUrlencoding: false
            compress:
                requests: false
                responses: false
        # Optional another one SAML settings (see Multiple IdP below)
        #another:
        #    idp:
        #        # ...
        #    sp:
        #        # ...
        #    # ...
    # Optional parameters
    #use_proxy_vars: true
    idp_parameter_name: 'custom-idp'
    entity_manager_name: 'custom-em'
```

The request never comes back to Symfony. With SimpleSAML everything works fine.

This is the error message on the ADFS side:

```
Activity ID: 8d25e23f-234e-4b48-d84d-0040010000b4
Error details: Found invalid data while decoding.
Node name: 50a94d7d-4149-468e-90c0-e573941a2cc2
Error time: Tue, 07 Nov 2023 10:45:35 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
```
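One thing worth checking before blaming the IdP: the SAML 2.0 HTTP-Redirect binding requires the SAMLRequest value to be DEFLATE-compressed before base64 and URL encoding, and the posted config sets `compress: requests: false`, which in php-saml disables that compression. The script below is an added example (not bundle code and not from this thread) that decodes a SAMLRequest query value both ways, reports which encoding the SP actually used, and compares the Destination against the configured ADFS SSO URL; the AuthnRequest it works on is constructed from the URLs in the config above.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

# Constructed sample AuthnRequest built from the thread's URLs (not a captured message).
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" Version="2.0" '
    'IssueInstant="2023-11-07T10:45:35Z" Destination="https://adfs.my-domain.com/adfs/ls/" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'AssertionConsumerServiceURL="https://imp-dev.my-domain.com/saml/acs">'
    '<saml:Issuer>https://imp-dev.my-domain.com/saml/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

def encode_saml_request(xml: str, deflate: bool) -> str:
    """Build the SAMLRequest query value as an SP does for the HTTP-Redirect binding.
    deflate=True is the DEFLATE encoding the binding requires (php-saml
    compress.requests: true); deflate=False is bare base64 (compress.requests: false)."""
    data = xml.encode("utf-8")
    if deflate:
        c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
        data = c.compress(data) + c.flush()
    return urllib.parse.quote(base64.b64encode(data).decode("ascii"), safe="")

def decode_saml_request(value: str) -> dict:
    """Decode a SAMLRequest value from a redirect URL and report how it was encoded."""
    data = base64.b64decode(urllib.parse.unquote(value))
    encoding = "deflate"
    try:
        xml = zlib.decompress(data, -15)       # raw DEFLATE, what the binding expects
    except zlib.error:
        xml = b""
    if not xml.lstrip().startswith(b"<"):     # not DEFLATE: treat as bare base64 XML
        xml, encoding = data, "plain"
    root = ET.fromstring(xml)
    return {"encoding": encoding, "id": root.get("ID"),
            "destination": root.get("Destination"),
            "protocol_binding": root.get("ProtocolBinding"),
            "acs_url": root.get("AssertionConsumerServiceURL")}

def check_redirect_request(value: str, idp_sso_url: str) -> list:
    """Return findings that explain a rejected redirect before the IdP is involved."""
    info = decode_saml_request(value)
    findings = []
    if info["encoding"] != "deflate":
        findings.append("SAMLRequest is not DEFLATE-encoded; HTTP-Redirect binding requires it")
    if info["destination"] != idp_sso_url:
        findings.append("Destination does not match the IdP SSO URL")
    return findings
```

Paste the `SAMLRequest` value from the redirect URL the browser is sent to (before it reaches `/adfs/ls/`) into `check_redirect_request` together with the configured `singleSignOnService.url`.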