onelogin / joomla-saml

Joomla 3.3 SAML plugin based on the OneLogin SAML toolkit
MIT License

NO_AUTHENTICATED invalid_response WHEN integrated with Joomla 3.6.5 #2

Closed baoqphan closed 3 years ago

baoqphan commented 7 years ago

Hi, I am new to onelogin. I want to integrate my Joomla Site with OneLogin. I installed onelogin joomla plugin (for 3.3) and oneplugin library. I set up all the settings. I got

NO_AUTHENTICATED invalid_response

when I tried to log in with a valid user and password.

Please help

pitbulk commented 7 years ago

Enable the "debug" mode on the SAML settings, and also on Joomla/PHP. The reason for the invalid_response should be printed, and then you will be able to fix the settings on the IdP or SP in order to solve the issue.

baoqphan commented 7 years ago

Hi,

  1. I enabled the Debug Mode on the Advanced Setting of the OneLogin authentication plugin
  2. I enabled the joomla Global configuration -> System -> Debug System.

I can't see the reason for "invalid_response".

Thank you very much.

Sincerely,

Bao Q Phan

"Easy to take off. Harder to Fly"


pitbulk commented 7 years ago

Hi,

Edit oneloginsaml.php, line 65

```php
$errors = $saml_auth->getErrors();
if (!empty($errors) && $debug) {
    $msg_error .= '<br>'.implode(', ', $errors);
}
$msg_error .= '<br>'.$saml_auth->getLastErrorReason();
```

baoqphan commented 7 years ago

Here are more details on the error:

Error NO_AUTHENTICATED invalid_response The response has an empty Destination value

baoqphan commented 7 years ago

Here is the response (decoded):

baoqphan commented 7 years ago

So, the Destination field from the SAML response is actually empty

Destination=""

pitbulk commented 7 years ago

You need to provide a valid Recipient on the OneLogin Test Connector (in this case the same as the ACS URL).

baoqphan commented 7 years ago

Hi, I am using Joomla App in OneLogin and it goes against the joomla site.

Do I need to configure the Onelogin Test Connector?

pitbulk commented 7 years ago

Yes, since it seems the Joomla App in OneLogin works with previous versions of joomla-saml but not with the latest version that requires a Destination value.
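
An added example, not part of the thread and not code from joomla-saml or the OneLogin toolkit: a standalone Python check that decodes a base64 SAMLResponse captured from the POST to the ACS and compares its Destination and Recipient with the SP's ACS URL, the condition behind the error discussed above. The ACS URL and the sample response are constructed placeholders, and the script performs no signature validation.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS_URL = "https://joomla.example.com/acs"  # placeholder: use your SP's ACS URL

def check_destination(saml_response_b64, acs_url):
    """Return the Destination/Recipient problems found; [] means both match acs_url."""
    xml = base64.b64decode(saml_response_b64)
    # Refuse DTDs so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML response, refusing to parse")
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("root element is not samlp:Response")
    problems = []
    dest = root.get("Destination")
    if dest is None:
        problems.append("Destination attribute is missing")
    elif not dest.strip():
        problems.append("Destination is empty")
    elif dest != acs_url:
        problems.append(f"Destination {dest!r} does not match the ACS URL")
    confirmations = root.findall(f".//{{{SAML}}}SubjectConfirmationData")
    if not confirmations:
        problems.append("no SubjectConfirmationData element")
    for data in confirmations:
        recipient = (data.get("Recipient") or "").strip()
        if not recipient:
            problems.append("Recipient is missing or empty")
        elif recipient != acs_url:
            problems.append(f"Recipient {recipient!r} does not match the ACS URL")
    return problems

def sample_response(destination, recipient):
    """Constructed, unsigned sample response (not the one posted in the thread)."""
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" '
        f'Version="2.0" Destination="{destination}"><saml:Assertion ID="_a1" '
        f'Version="2.0"><saml:Subject><saml:SubjectConfirmation '
        f'Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{recipient}"/>'
        f'</saml:SubjectConfirmation></saml:Subject></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_destination(sample_response("", ""), ACS_URL))
```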

Michandrz commented 3 years ago

@pitbulk 3 years old now. Please close.