Closed rpadovani closed 4 years ago
Investigating a bit more, it seems that subspace explicitly requests a transient token, which makes it unusable with O365. I don't understand whether I misconfigured subspace in some way.
This is the request sent by subspace:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-REDACTED" Version="2.0" IssueInstant="2020-06-15T11:00:36.618Z" Destination="https://login.microsoftonline.com/REDACTED/saml2" ForceAuthn="false" AssertionConsumerServiceURL="https://subspace.nextbit.it/saml/acs" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://subspace.nextbit.it/saml/metadata</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true" />
</samlp:AuthnRequest>
Investigating a bit more, we have the SSO handler that invokes samlSP.RequireAccountHandler(w, r). This method invokes m.ServiceProvider.MakeAuthenticationRequest, which by default will ask for a transient nameid. Office 365 will respect this request, so it will provide a different ID every time.
A quick and dirty fix would be adding samlSP.ServiceProvider.AuthnNameIDFormat = saml.EmailAddressNameIDFormat in handlers.go, function ssoHandler.
Thank you for this amazing piece of software, I'm moving to Subspace from OpenVPN :-)
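The comment above pins the problem on the NameIDPolicy in the AuthnRequest: a transient format tells the IdP to mint a one-time identifier, so nothing keyed on NameID survives across logins. The following is an added example, not code from subspace or from the crewjam/saml library it uses: it parses an AuthnRequest with Go's encoding/xml, reports the requested NameID format, and flags whether that format gives a stable identifier. The sample request is constructed from the one quoted in the issue with placeholder ID, tenant and hostnames; the names Audit, Finding and withNameIDFormat are this example's own.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// NameID format URIs from the SAML 2.0 core specification (the emailAddress
// format keeps its SAML 1.1 namespace).
const (
	transientNameID    = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
	persistentNameID   = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
	emailAddressNameID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
)

// sampleRequest is constructed for this example from the request quoted in the
// issue; the ID, tenant and hostnames are placeholders, not real values.
const sampleRequest = `<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-PLACEHOLDER" Version="2.0" IssueInstant="2020-06-15T11:00:36.618Z" Destination="https://login.microsoftonline.com/TENANT-PLACEHOLDER/saml2" ForceAuthn="false" AssertionConsumerServiceURL="https://sp.example/saml/acs" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
<saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sp.example/saml/metadata</saml:Issuer>
<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true" />
</samlp:AuthnRequest>`

// authnRequest maps only the parts of samlp:AuthnRequest this audit needs.
// NameIDPolicy is a pointer so an absent element is distinguishable from an
// empty Format attribute.
type authnRequest struct {
	XMLName      xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	ID           string   `xml:"ID,attr"`
	Issuer       string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	NameIDPolicy *struct {
		Format      string `xml:"Format,attr"`
		AllowCreate bool   `xml:"AllowCreate,attr"`
	} `xml:"urn:oasis:names:tc:SAML:2.0:protocol NameIDPolicy"`
}

// Finding is the audit result for one AuthnRequest.
type Finding struct {
	Issuer string // SP entity ID that sent the request
	Format string // requested NameID format, "" when no NameIDPolicy is present
	Stable bool   // whether the same user gets the same NameID on every login
	Advice string
}

// StableIdentifier reports whether a NameID format is guaranteed to identify the
// same user consistently across logins. Transient is a one-time value by
// definition; unspecified or unknown formats are treated as unstable because
// the IdP decides, so the conservative answer is "do not rely on it".
func StableIdentifier(format string) bool {
	switch format {
	case persistentNameID, emailAddressNameID:
		return true
	default:
		return false
	}
}

// Audit parses an AuthnRequest and explains what the NameIDPolicy implies for
// an application that keys user state (here: VPN configuration) on the NameID.
func Audit(doc []byte) (Finding, error) {
	var req authnRequest
	if err := xml.Unmarshal(doc, &req); err != nil {
		return Finding{}, fmt.Errorf("parse AuthnRequest: %w", err)
	}
	f := Finding{Issuer: req.Issuer}
	if req.NameIDPolicy == nil {
		f.Advice = "no NameIDPolicy requested; the IdP's default decides, so verify the format it actually issues"
		return f, nil
	}
	f.Format = req.NameIDPolicy.Format
	f.Stable = StableIdentifier(f.Format)
	if f.Stable {
		f.Advice = "NameID is stable for this format; safe to key user state on it"
	} else {
		f.Advice = "NameID may change on every login; request emailAddress or persistent instead of keying user state on it"
	}
	return f, nil
}

// withNameIDFormat returns the request with its NameIDPolicy Format swapped,
// standing in here for setting ServiceProvider.AuthnNameIDFormat before the
// request is built.
func withNameIDFormat(doc, format string) string {
	return strings.ReplaceAll(doc, transientNameID, format)
}

func main() {
	for _, doc := range []string{sampleRequest, withNameIDFormat(sampleRequest, emailAddressNameID)} {
		f, err := Audit([]byte(doc))
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		fmt.Printf("issuer=%s format=%q stable=%v\n  %s\n", f.Issuer, f.Format, f.Stable, f.Advice)
	}
}
```

Running it prints one unstable finding for the request as subspace sends it and one stable finding once the format is emailAddress, which is the same check to apply to the real AuthnRequest captured from the browser before and after the handlers.go change.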
Describe the bug
I implemented the integration with Office 365, but when I click on "login with microsoftonline", although the login succeeds, the user has a random name (e.g., e+/YjyGiCw0X1McxCk8bffdHqWo5y9G4Py+47p8Q8Z8=), but the main problem is that this identifier changes every time, so users are not able to retrieve their previous configuration.

Expected behavior
The user id is always the same. The user id being the user email would be a plus.

Screenshots
This is my configuration over Azure: