-
-
Notifications
You must be signed in to change notification settings - Fork 3.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SAML doesn't work anymore after Update to 7.0 #14895
Comments
It seems |
It looks like there might be an option we can set called |
I ran into this exact issue when using the docker container behind an application load balancer (AWS). To resolve this, I rolled back to the previous version, added the |
Oh, nice catch! Will definitely try that tomorrow.
Am 18. Juni 2024 14:21:27 UTC schrieb Chad Frownfelter ***@***.***>:
…I ran into this exact issue when using the docker container behind an application load balancer (AWS). To resolve this, I rolled back to the previous version, added the `baseurl=https://assets.example.com/saml` option to the SAML config (Admin Settings -> SAML -> SAML Custom Settings), and then pulled the latest v7 container. The [documentation](https://snipe-it.readme.io/docs/saml#:~:text=When%20you%20run%20Snipe%2DIT%20behind%20a%20reverse%20proxy%20the%20following%20property%20might%20be%20necessary%3A%20baseurl%3Dhttps%3A//assets.example.com/saml) does mention this but I missed it originally since it was working fine prior to the upgrade.
--
Reply to this email directly or view it on GitHub:
#14895 (comment)
You are receiving this because you authored the thread.
Message ID: ***@***.***>
|
We're experiencing the same issue.
Specifying |
✅ I just tried it, and in my case the addition of |
@MarijnMB :
Maybe also doublecheck again your IdP client setings. My client settings in Keycloak look like this: |
Oh, I just noticed while checking the SAMLResponse that the Interesting that it works nevertheless (in my environment). But that may be your issue @MarijnMB. Does someone have any idea how to fix this? |
@koelle25 we pushed out a few changes yesterday (and this morning) to try to help folks behind a proxy. Can you give latest from master a shot, and/or add |
I'm on 7.0.4 now. SAML auth (still) works (at least for me), but I still have both But upon inspection of the SAML Response, the |
I am having the same issue on 7.0.4 and i cant fix it using the |
Try again with |
Nope, still does not work |
Ok, now it seems to work. Adding |
This is working for me. We're using Azure Front Door + Azure Container Apps. v6 was working fine but v7 requires these adjustments. As others have mentioned, the |
I'm really happy to hear that it sounds like we have a workaround! That's great news. But we're working on an actual code-fix for that as well; the discussion for that is happening in #14919 - as well as the code-workaround. If any of y'all want to take a swing at that test I mentioned there, it would really be appreciated. Thanks! |
SAML was working great with Azure for us.
local access works fine for me using what is needed to get SSO working again after the update? 😒 UPDATE: Ok, adding |
v7.0.6 just dropped and should include a fix for this issue. |
Cool, just to be sure, i dont need the baseurl parameter anymore? Do i still need the app_force_tls env variable? |
You should no longer need the For the force TLS thing, you shouldn't need that env var any more? But you should give it a try and see if it works without, just to be sure. |
I can confirm I no longer need the |
Excellent! Thanks for reporting back! |
Thank you!!!! |
I can also report that neither the environment variable |
Debug mode
Describe the bug
The SAML login does no longer work. Only a general error message "There was a problem while trying to log you in, please try again." is shown, even in debug mode. Besides the Snipe-IT upgrade there were no other changes.
In the laravel.log file the underlying issue is shown:
Reproduction steps
Expected behavior
SAML authentication keeps working
Screenshots
Snipe-IT Version
7.0.3
Operating System
Official Docker Image (Ubuntu 22.04.4)
Web Server
Apache/2.4.52
PHP Version
PHP 8.1.2-1ubuntu2.17
Operating System
Windows 11
Browser
Firefox
Version
115.12.0esr
Device
No response
Operating System
No response
Browser
No response
Version
No response
Error messages
storage/logs/laravel.log
Container logs
==> /var/log/apache2/access.log <==
Additional context
It's an upgraded instance (v6.4.2 --> v7.0.3). Additionally we had to use
APP_FORCE_TLS=true
, because without it the SAML login failed with "invalid redirect uri" (I guess because the redirect URI then started withhttp://
instead ofhttps://
) and the no-SAML login (/login?nosaml=1) had CSS issues. We use Traefik as a reverse proxy.The text was updated successfully, but these errors were encountered: