Closed karolgurecki closed 1 year ago
We are running into the same issue. Our configuration looks pretty similar to the OP's; we are also getting a 405 Method Not Allowed on the /saml/sso endpoint. In the logs we see the following error:
DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
but for completeness sake:
{my-app-name}/saml/sso
(where {my-app-name} is a placeholder for our real app name of course)
structurizr.properties and saml-idp-metadata.xml files and restarted the appservice
structurizr.properties:
structurizr.authentication=saml
structurizr.url=https://{my-app-name}.azurewebsites.net
structurizr.saml.entityId={client id of the AAD Enterprise Application}
OK, so I figured out what the issue was in our case. I set the Azure Enterprise App application id as entityId; instead I should of course have used the Entity Id. Strange to get a 405 on this. I also noticed that the return URL is case sensitive, so redirecting doesn't work if the URLs don't match case.
Your case may have been already solved by issue #8.
You have to adjust the structurizr.saml.maxAuthenticationAge property to a value higher (90 days?) than the default value (2 hours): https://structurizr.com/share/18571/documentation#max-authentication-age
Same problem with Keycloak here. Already tried to change the max-authentication-age to 8h, 24h, and 90 days, and it didn't work.
Same on my side, KC+structurizr
Somebody on the Slack group (onpremises channel) has mentioned that the instructions for Keycloak are out of date, and posted an updated screenshot. You may want to jump on there and take a look.
Alternatively, you may want to try forcing authentication -> https://structurizr.com/share/18571/documentation#force-authentication (although this seems to be related to issues with Azure AD).
Thank you for the screenshot, I fixed it now :)
The issue (for me) was that I disabled the "sign document" function. Just in case anyone needs it, I am sending my KC screenshot of the working configuration:
That's great, thanks. Would you consider sending a PR for the docs please?
https://github.com/structurizr/onpremises/blob/main/docs/docs/04-authentication.md#keycloak
I have a similar problem when integrating with Okta. In the server logs I receive:
DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]
This is on the returning from already authenticated user on
Did anyone resolve that problem? Why is Structurizr not accepting POST on that URL?
In my case it was disabled signing on the request, please check your settings.
Thanks @samm-git, that was also a problem on my side. Once I enabled SAML signed requests, it started to work. BTW, to do that I had to export the cert from the jks existing in the repo for Structurizr onprem and upload it to Okta, so that it was then possible to enable it.
Hi people, I face the same problem with Azure AD and I resolved it by creating a group claim on the Enterprise Application:
Closing since the OP hasn't responded, so I'm assuming this is resolved ... please open new issues/discussions as needed.
Description
I am trying to configure Structurizr On-Premise with Azure AD SAML Authentication, but when Azure is redirecting to the application it returns 405. I am using the latest docker build (3038).
Steps to reproduce
Configure SAML Single Sign-on in Azure AD as described here: https://structurizr.com/share/18571/documentation#saml-20
Screenshot
Azure AD Structurizr configuration; Redirect result
Code sample
No response
Configuration
No response
Severity
Minor
Priority
Medium
Resolution
I have no budget, please fix this for free
More information
No response
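The causes reported in this thread (wrong entityId, return URL differing in case, authentication older than the max authentication age, unsigned documents) can be checked on a captured, base64-decoded SAML response from your own IdP. This is an added example, not Structurizr's code: `diagnose`, the sample response and all its values are constructed, and it assumes the response's Audience and Destination are the fields that must match `structurizr.saml.entityId` and `structurizr.url` plus `/saml/sso`.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: unsigned response, upper-case path in Destination.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://my-app.example.net/SAML/SSO">
 <saml:Assertion>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>structurizr-onprem</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2024-01-01T08:00:00Z"/>
 </saml:Assertion>
</samlp:Response>"""

def diagnose(response_xml, entity_id, base_url, max_age=timedelta(hours=2), now=None):
    """Hypothetical helper: list the mismatches found in a decoded SAML Response."""
    now = now or datetime.now(timezone.utc)
    # Only feed this responses you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(response_xml)
    findings = []
    # Presence check only: this does not verify the signature.
    if (root.find("ds:Signature", NS) is None
            and root.find("saml:Assertion/ds:Signature", NS) is None):
        findings.append("unsigned: no ds:Signature on Response or Assertion")
    # The audience is compared as an exact string against the configured entity ID.
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if entity_id not in audiences:
        findings.append(f"audience mismatch: {audiences} vs {entity_id!r}")
    # The return URL is compared case-sensitively.
    expected = base_url.rstrip("/") + "/saml/sso"
    dest = root.get("Destination", "")
    if dest != expected:
        kind = "case differs" if dest.lower() == expected.lower() else "differs"
        findings.append(f"destination {kind}: {dest!r} vs {expected!r}")
    # Age of the IdP session at the time of the check.
    stmt = root.find(".//saml:AuthnStatement", NS)
    if stmt is not None:
        instant = datetime.fromisoformat(stmt.get("AuthnInstant").replace("Z", "+00:00"))
        if now - instant > max_age:
            findings.append(f"authentication too old: {now - instant} > {max_age}")
    return findings
```

An empty list means none of these four conditions applies to the captured response; it says nothing about whether the signature itself is valid.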