snipe / snipe-it

A free open source IT asset/license management system
https://snipeitapp.com
GNU Affero General Public License v3.0

SAML Issue with OKTA #12658

Open mcalibur opened 1 year ago

mcalibur commented 1 year ago

Debug mode

Describe the bug

Hello, so I've tried to set up SAML for Okta. I followed all the steps needed (https://snipe-it.readme.io/docs/saml).

The NameID sent in the SAML assertion is the same as the username of the test user created on the Snipe-IT tenant. But unfortunately, I still have the error "Error There was a problem while trying to log you in, please try again.".

I've done a SAML tracer to confirm that everything's good. Try to log in using the "login via SAML" option. In the SAML settings on Snipe-IT everything is set as written in the procedure.

Reproduction steps

1. Set SAML on Okta
2. Attribute the app
3. Launch it
4. Error!

Expected behavior

The SAML should work as intended.

Screenshots

Capture d’écran 2023-03-13 à 14 43 59

Snipe-IT Version

v6.0.14 build 9236 (g05a3f20d5)

Operating System

macOS

Web Server

None

PHP Version

8.0.27

Operating System

No response

Browser

No response

Version

No response

Device

No response

Error messages

No response

Additional context

No response

welcome[bot] commented 1 year ago

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

MuratDoganer commented 1 year ago

+1, also getting this exact same issue. Might be related, but also getting errors while setting up SCIM in Okta too:

Screenshot 2023-04-04 at 14 13 46

aakash13890 commented 9 months ago

I am having the same issue. Is there any update on this?

uberbrady commented 9 months ago

We have tons of users and customers using SAML with Okta and it (generally) works just fine.

The single BIGGEST problem we typically run into is if you try to log into a non-existent user. The user needs to already exist in Snipe-IT. We do not do just-in-time provisioning (because it doesn't make sense; only a small fraction of users typically log in to Snipe-IT - and those ones who don't would never get provisioned - which means you can't check things out to them). Second biggest is if your usernames don't line up to NameId's - that's how we determine who to log you in as.

Your best bet is to set LOG_LEVEL=debug in your .env, and look for errors in storage/logs/laravel.log. They might give you a clue as to what's going wrong.

aakash13890 commented 9 months ago

I was able to sort it out. I had to set up the Okta app again with the 'Okta username prefix' username format because that's the username format we have in Snipe-IT.
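The two causes named in this thread (the user does not exist in Snipe-IT, or the username does not line up with the NameID) can be told apart offline from a SAMLResponse captured with a SAML tracer. The Python below is an added example, not part of the original thread or of Snipe-IT's code; the sample response, the usernames and the helper names `extract_name_id` and `diagnose` are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a minimal, unsigned SAML response of the kind a SAML
# tracer shows for the HTTP-POST binding. Not taken from the thread.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:'
    'nameid-format:emailAddress">jdoe@example.com</saml:NameID>'
    '</saml:Subject></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_name_id(saml_response_b64):
    """Return (NameID, Format) from a base64 SAMLResponse form value.

    Diagnostic only: the signature is not verified, so use this on responses
    you captured yourself, never to make a login decision.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find("./saml:Assertion/saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("no readable NameID (missing Subject or encrypted assertion)")
    return node.text.strip(), node.get("Format")


def diagnose(name_id, usernames):
    """Compare the IdP's NameID with the usernames that exist in Snipe-IT."""
    if name_id in usernames:
        return "match"
    local = name_id.split("@", 1)[0]
    if "@" in name_id and local in usernames:
        return f"format-mismatch: IdP sends {name_id!r}, user exists as {local!r}"
    full = [u for u in usernames if "@" in u and u.split("@", 1)[0] == name_id]
    if full:
        return f"format-mismatch: IdP sends {name_id!r}, user exists as {full[0]!r}"
    return "no-such-user: create the account first (no just-in-time provisioning)"


if __name__ == "__main__":
    name_id, fmt = extract_name_id(SAMPLE_B64)
    # Usernames would come from a Snipe-IT user export; these are constructed.
    print(fmt, diagnose(name_id, {"jdoe", "asmith"}))
```

A `format-mismatch` result corresponds to the fix reported above: change the application username format on the Okta side so the NameID equals the existing Snipe-IT username.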