omniauth / omniauth-saml

A generic SAML strategy for OmniAuth
https://github.com/omniauth/omniauth-saml

Not getting past "Request phase initiated" #175

Closed febincloudyuga closed 4 years ago

febincloudyuga commented 5 years ago

I'm using Okta as the IdP and have performed the integration with Devise in my app. Page redirection to Okta is successful. After entering credentials, the application loops at the request initiation phase.

With Facebook as the provider, I'm able to get this to work with omniauth-facebook. Does omniauth-saml behave any differently? I have configured idp_cert_fingerprint and idp_sso_target_url in devise.rb.

Please find the logs -

Started GET "/users/auth/saml" for ::1 at 2019-05-21 13:26:24 +0530
I, [2019-05-21T13:26:24.804897 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_cf327be4-0576-4f4b-948d-22ba54bd2441' IssueInstant='2019-05-21T07:56:24Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started GET "/users/auth/saml" for ::1 at 2019-05-21 13:26:25 +0530
I, [2019-05-21T13:26:25.967496 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_067221c0-4bfc-4a7b-a4a9-a1b152c17d7d' IssueInstant='2019-05-21T07:56:25Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:46 +0530
I, [2019-05-21T13:26:46.139525 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_ffd19b96-6524-494f-86d0-67e7ddeae4ea' IssueInstant='2019-05-21T07:56:46Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:46 +0530
I, [2019-05-21T13:26:46.962140 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_e8cbb1d3-8115-41c9-a889-da8925996e98' IssueInstant='2019-05-21T07:56:46Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:47 +0530
I, [2019-05-21T13:26:47.787352 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_cf7ceace-5476-4af0-b364-b7e6d92c14c3' IssueInstant='2019-05-21T07:56:47Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:48 +0530
I, [2019-05-21T13:26:48.579079 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_5aa0ea48-b5f4-4608-b98f-5545c7d87510' IssueInstant='2019-05-21T07:56:48Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:49 +0530
I, [2019-05-21T13:26:49.060480 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_449726e6-4a38-479b-9690-d6954898289a' IssueInstant='2019-05-21T07:56:49Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:49 +0530
I, [2019-05-21T13:26:49.547548 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_f7263e06-315d-4087-84a7-6eb2bf712411' IssueInstant='2019-05-21T07:56:49Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>
Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:50 +0530
I, [2019-05-21T13:26:50.338994 #33130]  INFO -- omniauth: (saml) Request phase initiated.
Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://dev-164881.okta.com/app/cloudyugadev164881_newapp_1/exkmcn2rwfmYYarvP356/sso/saml' ID='_632c518c-66c3-42fe-9558-7cde8ec4de8c' IssueInstant='2019-05-21T07:56:50Z' Version='2.0' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'/>

......

The UI is stuck at signing in. Please find the screenshot -

Screen Shot 2019-05-21 at 1 26 49 PM

Please advise.

benoittgt commented 4 years ago

I am having the same issue. Did you find a solution?

febincloudyuga commented 4 years ago

I did get past this. Don't quite remember what the fix was. I was hitting the wrong URL is my guess.

benoittgt commented 4 years ago

This was the case. Thanks

jamescavallo commented 1 year ago

How did you fix this? I have the same issue
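
Added example, not part of the thread and not omniauth-saml code: a small Ruby check for the symptom in the log posted above, where every request lands on `/users/auth/saml` and none reaches the path named in `AssertionConsumerServiceURL`. The helper name `diagnose_saml_loop`, its `min_restarts` threshold and the sample log (placeholder IdP host and request IDs) are constructed for illustration.

```ruby
require "uri"

# Constructed log in the shape of the lines posted above; the IdP host and
# request IDs are placeholders.
SAMPLE_LOG = <<~LOG
  Started GET "/users/auth/saml" for ::1 at 2019-05-21 13:26:24 +0530
  I, [2019-05-21T13:26:24.804897 #33130]  INFO -- omniauth: (saml) Request phase initiated.
  Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://idp.example.test/sso/saml' ID='_constructed-1'/>
  Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:46 +0530
  I, [2019-05-21T13:26:46.139525 #33130]  INFO -- omniauth: (saml) Request phase initiated.
  Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://idp.example.test/sso/saml' ID='_constructed-2'/>
  Started POST "/users/auth/saml" for ::1 at 2019-05-21 13:26:46 +0530
  I, [2019-05-21T13:26:46.962140 #33130]  INFO -- omniauth: (saml) Request phase initiated.
  Created AuthnRequest: <samlp:AuthnRequest AssertionConsumerServiceURL='http://localhost:3000/users/auth/saml/callback' Destination='https://idp.example.test/sso/saml' ID='_constructed-3'/>
LOG

# Hypothetical helper: summarises a Rails/OmniAuth log and reports whether the
# SAML flow keeps restarting without ever reaching the ACS (callback) path.
def diagnose_saml_loop(log, min_restarts: 3)
  requests = []   # each entry: [verb, path, started_request_phase]
  acs_paths = []  # paths taken from AssertionConsumerServiceURL
  log.each_line do |line|
    if (m = line.match(/Started (GET|POST) "([^"?]+)/))
      requests << [m[1], m[2], false]
    elsif line.include?("(saml) Request phase initiated") && requests.any?
      requests.last[2] = true
    elsif (m = line.match(/AssertionConsumerServiceURL='([^']+)'/))
      acs_paths << URI.parse(m[1]).path
    end
  end
  acs_path = acs_paths.uniq.first
  phases = requests.select { |_, _, started| started }
  callback_hits = requests.count { |_, path, _| path == acs_path }
  posts = phases.select { |verb, _, _| verb == "POST" }.map { |_, path, _| path }.uniq
  {
    acs_path: acs_path,
    request_phases: phases.size,
    callback_hits: callback_hits,
    posts_on_request_path: posts,
    looping: phases.size >= min_restarts && callback_hits.zero?
  }
end

if __FILE__ == $PROGRAM_NAME
  report = diagnose_saml_loop(SAMPLE_LOG)
  puts report
  puts "No request reached #{report[:acs_path]}; compare it with the URL the IdP posts to." if report[:looping]
end
```

With OmniAuth 2.x the request phase is itself started by a POST, so `posts_on_request_path` is a hint to compare the IdP's configured single sign-on URL against `acs_path`, not proof of a misrouted response.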