nbgrp / onelogin-saml-bundle

OneLogin SAML Symfony Bundle
BSD 3-Clause "New" or "Revised" License

Problem with the settings for Azure #49

Closed marionAvizzeo closed 10 months ago

marionAvizzeo commented 10 months ago

Hello,

I am using onelogin-saml-bundle on Symfony 6. With Google, everything works fine. But I have an issue with Microsoft Azure. When my application launches the connection to Azure, I receive the error AADSTS750055: SAML message was not properly DEFLATE-encoded.

Unlike the Google connection, I think Azure requires the request to the IdP to be encoded and deflated. But I can't find the right settings to set. In the Azure XML metadata, I have a digest value and a signature value. But I don't know where to put them in my bundle settings.

Here is my setting:

nbgrp_onelogin_saml:
  onelogin_settings:
    default:
      # Mandatory SAML settings
      idp:
        entityId: "%env(SAML_ENTITY_ID)%"
        singleSignOnService:
          url: "%env(SAML_SSO_URI)%"
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
        x509cert: "%env(SAML_CERT)%"
      sp:
        entityId: "%env(LIGHT__SAML_ENTITY__ID)%" 
        assertionConsumerService:
          url: '%env(LIGHT__SAML_ENTITY__ID)%/saml/acs' 
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
        singleLogoutService:
          url: '%env(LIGHT__SAML_ENTITY__ID)%/logout'
          binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
      # Optional SAML settings
      baseurl: '%env(LIGHT__SAML_ENTITY__ID)%/saml/' 
      strict: true
      debug: true
      security:
        nameIdEncrypted: false
        authnRequestsSigned: false
        logoutRequestSigned: false
        logoutResponseSigned: false
        signMetadata: false
        wantMessagesSigned: false
        wantAssertionsEncrypted: false
        wantAssertionsSigned: false
        wantNameId: false
        wantNameIdEncrypted: false
        requestedAuthnContext: true
        wantXMLValidation: false
        relaxDestinationValidation: false
        destinationStrictlyMatches: true
        allowRepeatAttributeName: false
        rejectUnsolicitedResponsesWithInResponseTo: false
        signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
        digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
        encryption_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
        lowercaseUrlencoding: false
      compress:
        requests: false
        responses: false
  # Optional parameters
  use_proxy_vars: true
  idp_parameter_name: 'custom-idp'
  entity_manager_name: 'custom-em'

Can someone please help me?

Marion

marionAvizzeo commented 10 months ago

In searching directly in the bundle, I have found the right setting to change. It's

compress:
  requests: true

which deflates the AuthnRequest.
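What that setting changes on the wire, as an added Python example (not the bundle's code): the HTTP-Redirect binding requires the AuthnRequest to be raw-DEFLATEd before base64, and a strict IdP decoder rejects a plain-base64 payload, which is the class of failure behind AADSTS750055. The AuthnRequest XML, its ID and the example.* URLs are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample AuthnRequest; the ID, timestamp and URLs are placeholders.
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_placeholder-request-id" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://login.example/saml2" '
    'AssertionConsumerServiceURL="https://sp.example/saml/acs" '
    'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example</saml:Issuer></samlp:AuthnRequest>'
)


def encode_saml_request(xml, compress):
    """Build the SAMLRequest parameter value.

    compress=True follows the HTTP-Redirect binding: raw DEFLATE (no zlib
    header, hence wbits=-15) followed by base64.  compress=False is plain
    base64 of the XML, which is what the SP sends with request
    compression switched off.
    """
    data = xml.encode("utf-8")
    if compress:
        deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
        data = deflater.compress(data) + deflater.flush()
    return base64.b64encode(data).decode("ascii")


def build_redirect_url(sso_url, xml, compress):
    """Redirect URL the browser is sent to; urlencode escapes '+', '/' and '='."""
    return sso_url + "?" + urlencode({"SAMLRequest": encode_saml_request(xml, compress)})


def decode_redirect_binding(redirect_url):
    """Decode SAMLRequest as a strict IdP does: the binding mandates raw
    DEFLATE, so a payload that does not inflate is rejected."""
    params = parse_qs(urlsplit(redirect_url).query)
    raw = base64.b64decode(params["SAMLRequest"][0])
    try:
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error as exc:
        raise ValueError("SAML message was not properly DEFLATE-encoded") from exc


def redirect_binding_is_valid(redirect_url):
    """True when the IdP-side decoder accepts the request."""
    try:
        decode_redirect_binding(redirect_url)
        return True
    except ValueError:
        return False
```

Building the URL with compress=True and feeding it to redirect_binding_is_valid returns True; with compress=False it returns False, matching the accepted and rejected cases the issue describes.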