SAML has issues with MAUTIC
Jay Swaminarayan!
While this was functioning perfectly well during previous versions, after upgrading to 1.34.xx the SAML SSO has started failing after returning to the service.
I have tried resetting all the settings and even tried adding a new application, enabling the SAML exchange and configuring the settings.
After a lot of troubleshooting and decoding the AuthResponse payload, we could find the following issue.
<ns3:Status>
  <ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
  <ns3:StatusMessage>Unable to authentication the user via the nested OAuth workflow. Consult the logs for additional details.</ns3:StatusMessage>
</ns3:Status>
Following is the full response object.
<?xml version="1.0" encoding="UTF-8" standalone="no"?> <ns3:Response xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" ID="_76de3fda-0f4c-45f2-b382-79bfa78be431"> <Issuer/> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/> <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <Reference URI="#_76de3fda-0f4c-45f2-b382-79bfa78be431"> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <DigestValue>MymT6dHHijkye+3R8Ysj6aoMkxdJUhbfCqHqxAp98MY=</DigestValue></Reference></SignedInfo> <SignatureValue>CSZc9rLHOOyn50PMHkERzdReV+aW4pS4qCjAsET/0DIcPt6ptAaLNiRPl2/v56uxJ1Dx4a+RCGSUf3A5mrQCIFsLhNXgmDHkET8pzUwiAIxm7JsM76z7Tk0/AcUok93XlkjjnEFxuRe/QwsxXQhG2NYalRM8IWyqkfz27NVaM5lK/TSpzW6ub/C9EAxXVx925rf3Op8ILKUJLrenp8pYscGuKHH29qhA0V2+riP+ShZqb5iHruqZZjNA7qUGRAIbZeu7MuFNh5Es2wMK3wemUOwpGY+5i6u85Yffl854+68lk5u9JhsJ18sdhzMK9nwsJ48dPhiH8w53jDmxX9+8BA==</SignatureValue><KeyInfo><X509Data> 
<X509Certificate>MIICxTCCAa2gAwIBAQIRALtIbH2EDUSVqXSCIdaei+IwDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAxMTaHR0cHM6Ly9ndXJ1a3VsLm9yZzAeFw0yMjA0MjUwMzQzMTFaFw0zMjA0MjUwMzQzMTFaMB4xHDAaBgNVBAMTE2h0dHBzOi8vZ3VydWt1bC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFhi/uU8xbFpN00//RZbBj6BalrMcSpLIFhQ4zdj5DJx1e1jDlAKVAFDnaImvgkEGTipxETcN3wDp0umBhf+P2GRfKq5ZRcbiYgR4LnZl8TRKQrJa3hL2wCpYAlhHW4oc4zeNSoCzQra9URTPFXVF1Md319eLyZz8Ao+x08hqgHdS7bluBxlCHaqrR/eQtPmuRofhGKPTvTOaMyAf1+AIU2P6V3YV11WdRisytbmPNdACnrY0h9Uh+iR+S9owsXSrRQiY4tFV8qt8Oeo4St+gMSbYTKm8M3RNJgR2OxfHasDrknT6Wgjgtu03nxL7K19K6MT0P73Oi+roaFxl64mDnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAERqZhMk9VAcPMYMDjHv/YrCAVgWntmKU3KIDxLhzpvW1uWo45Ni1G1cXiQTAi39uTdP7w2LmoKO6HbbLmWnQIOx06XxqdE4sllQRe7Za62wY4zI0XSuAPMWCHlGoKmXoKb2xz6QCmOHxQM46itfxF0amfZiZnx6bDUwEI9Iu8pTeAGejpoyCMmiV2zeP1yWoeoM/B2lPEZU+HD18Z87QY8hxCLP3rU1tD5Lm2vw+fpN6dWPD0q/rN6TgwiQtJieIRCeBYOu1OZrzfrIGurf1vTLZ4JuLHSE+zGfdxNPRFtA7BaQdlz1g83Nb2BUNRbkYXAQOVaaodcsb/Pu9t4Bx5w=</X509Certificate></X509Data></KeyInfo></Signature> <ns3:Status> <ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/> <ns3:StatusMessage>Unable to authentication the user via the nested OAuth workflow. Consult the logs for additional details.</ns3:StatusMessage> </ns3:Status> </ns3:Response>
I suppose this must be some very simple configuration issue; however, kindly help me get some info on the above so that this can be resolved.
Thanking you,
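The decoding step described in the post above, as an added example that is not part of the original post or of FusionAuth's code: it base64-decodes an HTTP-POST binding `SAMLResponse` value and reports the status codes, status message, issuer and whether an assertion is present. The function name and the sample payload are assumptions; the sample is constructed from the response shown in the post with the signature left out.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample modelled on the response in the post (signature omitted).
SAMPLE_XML = (
    b'<ns3:Response xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed-example">'
    b'<Issuer/><ns3:Status>'
    b'<ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>'
    b'<ns3:StatusMessage>Unable to authentication the user via the nested '
    b'OAuth workflow. Consult the logs for additional details.</ns3:StatusMessage>'
    b'</ns3:Status></ns3:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def summarize_saml_response(b64_payload):
    """Decode an HTTP-POST binding SAMLResponse and report why it failed.

    Diagnostic only: the XML signature is NOT verified here.
    """
    xml_bytes = base64.b64decode(b64_payload)
    # SAML messages never need a DTD; refuse them to avoid entity expansion.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    # StatusCode elements can nest: top-level code first, sub-codes after.
    codes, node = [], root.find("samlp:Status/samlp:StatusCode", NS)
    while node is not None:
        codes.append(node.get("Value"))
        node = node.find("samlp:StatusCode", NS)
    has_assertion = any(root.find(p, NS) is not None
                        for p in ("saml:Assertion", "saml:EncryptedAssertion"))
    return {
        "status_codes": codes,
        "success": bool(codes) and codes[0] == SUCCESS,
        "status_message": root.findtext("samlp:Status/samlp:StatusMessage", "", NS),
        "issuer": root.findtext("saml:Issuer", "", NS),
        "in_response_to": root.get("InResponseTo"),
        "has_assertion": has_assertion,
    }


if __name__ == "__main__":
    for key, value in summarize_saml_response(SAMPLE_B64).items():
        print(f"{key}: {value!r}")
```

A value copied from a browser form post may be URL-encoded and needs URL-decoding before it is passed in.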
-
Do you have a support plan? If so, the best way to get support is to open a ticket: https://account.fusionauth.io/account/support/