steffow / meteor-accounts-saml

SAML SP tested with OpenAM

Exception while invoking method 'login' Error: SAML Assertion did not contain a proper SAML subject value #22

Closed nadeemja closed 6 years ago

nadeemja commented 7 years ago

Hi,

I'm getting this error both locally and in production on the server side.

However, locally the app actually logs in, but not so in production.

For a little while it worked in production at app.sembly.no, but then it stopped again.

Nothing happens after the popup closes, except the error message: Exception while invoking method 'login' Error: SAML Assertion did not contain a proper SAML subject value.

I'm using the latest version.

Also, 50% of the time when clicking the link with data-provider="openam" the popup has a url like:

https://app.sembly.no/_saml/authorize/undefined/v4WP84L2Kf9WAhRjE

Why is it ever "undefined" after authorize? I've followed all the instructions correctly in the readme.

Please help to debug this :)

harryadel commented 6 years ago

Hello @nadeemja, I may have reached something. Please try to modify the click function to the following:

```javascript
'click .saml-login'(event) {
  console.log('you clicked me!');
  event.preventDefault();
  // read the data-provider="..." attribute of the clicked link
  var provider = $(event.target).data('provider');
  Meteor.loginWithSaml({
    provider
  }, function (error, result) {
    // handle errors and result
    console.log(error);
    console.log(result);
  });
}
```

```html
<a href="#" class="saml-login btn btn-default navbar-btn" data-provider="wso2">WSO2-Login</a>
```

```json
{
  "saml": [{
    "provider": "wso2",
    "entryPoint": "https://localhost:9443/samlsso",
    "issuer": "http://localhost:2090",
    "cert": "6BF8E136EB36D4A56EA05C7AE4B9A45B63BF975D",
    "idpSLORedirectURL": "http://localhost:2090/form",
    "privateKeyFile": "certs/key.pem",
    "publicCertFile": "certs/cert.pem"
  }]
}
```

Surely, feel free to replace "wso2" with whatever name you see fit. Cheers!

nadeemja commented 6 years ago

Hi Harry!

Thanks for chiming in.

Indeed, I too had to hardcode the link to make it work with my particular provider.

As for the error in the title, I had to start saving the SAML-response in my MongoDB as a document in a collection, and then fetch it from there later. This approach works perfectly.

harryadel commented 6 years ago

Well, now I run into this weird problem. I'd definitely appreciate it if you could help me out with it.

[screenshot: wso2_error]

```json
{
  "saml": [{
    "provider": "wso2",
    "entryPoint": "https://localhost:9443/samlsso",
    "issuer": "http://localhost:2090",
    "cert": "6BF8E136EB36D4A56EA05C7AE4B9A45B63BF975D",
    "idpSLORedirectURL": "http://localhost:2090/form",
    "privateKeyFile": "certs/key.pem",
    "publicCertFile": "certs/cert.pem"
  }]
}
```

[screenshot: folder_structure]

Does this mean my private key and public certificate files aren't being read at all or they are being read but there's something wrong with them?

nadeemja commented 6 years ago

Hello,

I'm not sure why you're seeing that error.

Here are all the changes I made for this plugin to work with my app.

https://ufile.io/h47c9

harryadel commented 6 years ago

Hi @nadeemja, I managed to solve it. All I had to do was to remove certain fields in my settings.json as they were unnecessary:

```json
{
  "saml": [{
    "provider": "wso2",
    "entryPoint": "https://localhost:9443/samlsso",
    "issuer": "http://localhost:2090/",
    "idpSLORedirectURL": "http://localhost:2090/form",
    "dynamicProfile": true
  }]
}
```

Thanks, buddy! :) I think it's a safe bet now to say we can terminate this issue since both of our problems are solved. Have a nice day!

JackStoneDev commented 6 years ago

I am getting the same issue. I have provider, entryPoint, issuer, and cert in my settings. Please advise.

harryadel commented 6 years ago

@JackStoneDev The culprit may vary depending on what identity server you're trying to use, but I bet that your problem is caused by providing a non-identical issuer to one of the parties (your Meteor application, or the identity server). All in all, I found out that most identity servers provide some sort of inner error log, so make sure to enable it and check it out. Also, try removing the cert field; it's unnecessary in some cases. Let me know if you find out anything.
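As an added example (not code from meteor-accounts-saml or from anyone in this thread), the following resolves the provider name carried by the login link against the `saml` array of settings.json and fails closed on a missing or unknown provider, instead of building the `/_saml/authorize/undefined/...` URL seen at the top of the issue; it also flags a settings entry with no `cert`, since an SP without the IdP certificate cannot verify the assertion signature. `SETTINGS`, `LINK_DATA`, `findProvider`, `checkProvider` and `authorizeUrl` are constructed/hypothetical, not part of the package.

```javascript
// Added example (not meteor-accounts-saml code): resolve the provider named by
// the login link against settings.json's "saml" array and fail closed on
// misconfiguration instead of building "/_saml/authorize/undefined/<token>".
// findProvider, checkProvider and authorizeUrl are hypothetical helpers.

// Constructed settings in the shape used in this thread: one entry with the
// IdP certificate (placeholder value) and one (openam) with it left out.
const SETTINGS = {
  saml: [
    { provider: 'wso2', entryPoint: 'https://localhost:9443/samlsso',
      issuer: 'http://localhost:2090/', cert: 'PLACEHOLDER-IDP-CERT' },
    { provider: 'openam', entryPoint: 'https://idp.example.test/sso',
      issuer: 'http://localhost:2090/' }
  ]
};
// Stand-in for jQuery's $(el).data(): the data-* attributes of
// <a class="saml-login" data-provider="wso2">. Reading LINK_DATA.wso2
// (the key used in the click handler earlier in the thread) yields undefined.
const LINK_DATA = { provider: 'wso2' };

// Look up a provider entry; an absent name or an unknown name is an error.
function findProvider(settings, name) {
  if (typeof name !== 'string' || name === '') {
    throw new Error('login link carried no provider name (check data-provider)');
  }
  const entry = (settings.saml || []).find(p => p.provider === name);
  if (!entry) throw new Error(`no SAML provider "${name}" in settings.saml`);
  return entry;
}

// Return the settings problems a practitioner should fix before going live.
function checkProvider(entry) {
  const problems = [];
  for (const key of ['entryPoint', 'issuer']) if (!entry[key]) problems.push(`${key} is missing`);
  if (entry.entryPoint && !entry.entryPoint.startsWith('https://')) {
    problems.push('entryPoint is not https');
  }
  // With no IdP certificate the SP has nothing to verify the assertion
  // signature against, so its absence is a finding, not a convenience.
  if (!entry.cert) problems.push('cert is missing: assertion signatures cannot be verified');
  return problems;
}

// Build the authorize path only from a resolved provider entry.
function authorizeUrl(settings, name, credentialToken) {
  const entry = findProvider(settings, name);
  return `/_saml/authorize/${encodeURIComponent(entry.provider)}/${credentialToken}`;
}
```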

JackStoneDev commented 6 years ago

@Harry97 I haven't tested it live but just with localhost -- that could be the culprit. I am able to log in fine, but then I get the console error about the SAML insertion.