Comments (2)
Hi @Abudi7
Could you show your configuration of the onelogin-saml-bundle + the stack trace of that error?
from onelogin-saml-bundle.
Hi @a-menshchikov, it is the basic configuration like in the documentation on GitHub.
nbgrp_onelogin_saml:
    onelogin_settings:
        default:
            # Mandatory SAML settings
            idp:
                entityId: 'http://adfs.my-domain.com/adfs/services/trust'
                singleSignOnService:
                    url: 'https://adfs.my-domain.com/adfs/ls/'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                singleLogoutService:
                    url: 'https://adfs.my-domain.com/adfs/ls/'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                x509cert: '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'
            sp:
                entityId: 'https://imp-dev.my-domain.com/saml/metadata' # Default: '<request_scheme_and_host>/saml/metadata'
                assertionConsumerService:
                    url: 'https://imp-dev.my-domain.com/saml/acs' # Default: '<request_scheme_and_host>/saml/acs'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
                singleLogoutService:
                    url: 'https://imp-dev.my-domain.com/saml/logout' # Default: '<request_scheme_and_host>/saml/logout'
                    binding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'
                privateKey: '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'
                x509cert: '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'
            # Optional SAML settings
            baseurl: 'https://imp-dev.my-domain.com/saml/' # Default: '<request_scheme_and_host>/saml/'
            strict: true
            debug: true
            security:
                nameIdEncrypted: false
                authnRequestsSigned: true
                logoutRequestSigned: false
                logoutResponseSigned: false
                signMetadata: false
                wantMessagesSigned: false
                wantAssertionsEncrypted: false
                wantAssertionsSigned: false
                wantNameId: false
                wantNameIdEncrypted: false
                requestedAuthnContext: true
                wantXMLValidation: false
                relaxDestinationValidation: true
                destinationStrictlyMatches: true
                allowRepeatAttributeName: false
                rejectUnsolicitedResponsesWithInResponseTo: false
                signatureAlgorithm: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
                digestAlgorithm: 'http://www.w3.org/2001/04/xmlenc#sha256'
                encryption_algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
                lowercaseUrlencoding: false
            compress:
                requests: false
                responses: false
        # Optional another one SAML settings (see Multiple IdP below)
        #another:
        #    idp:
        #        ...
        #    sp:
        #        ...
        #    ...
    # Optional parameters
    #use_proxy_vars: true
    idp_parameter_name: 'custom-idp'
    entity_manager_name: 'custom-em'
The request never comes back to Symfony. With simplesaml everything works fine.
This is the error message on the ADFS side:
Activity ID: 8d25e23f-234e-4b48-d84d-0040010000b4
Error details: Found invalid data while decoding.
Node name: 50a94d7d-4149-468e-90c0-e573941a2cc2
Error time: Tue, 07 Nov 2023 10:45:35 GMT
Cookie: enabled
User agent string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
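The `idp` section above uses the HTTP-Redirect binding, which the SAML bindings specification defines as carrying the AuthnRequest in a raw-DEFLATE-compressed, base64-encoded `SAMLRequest` query parameter, while the posted config sets `compress.requests: false`. As an added example (not code from this thread or from the bundle), this Python check classifies a captured redirect URL as deflated or plain; the sample request and the `idp.example.test` URL are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample request and SSO endpoint (placeholders, not from the thread).
SAMPLE_XML = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              'ID="_example" Version="2.0" IssueInstant="2023-01-01T00:00:00Z"/>')
SSO_URL = "https://idp.example.test/adfs/ls/"


def build_redirect(xml, compress):
    """Build a redirect URL the way an SP would, with or without DEFLATE."""
    data = xml.encode("utf-8")
    if compress:
        # wbits=-15 produces a raw DEFLATE stream (no zlib/gzip header).
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        data = c.compress(data) + c.flush()
    return SSO_URL + "?" + urlencode({"SAMLRequest": base64.b64encode(data).decode()})


def classify_saml_request(redirect_url):
    """Return (encoding, xml): 'deflate' if the parameter inflates, 'plain' if not."""
    values = parse_qs(urlparse(redirect_url).query).get("SAMLRequest")
    if not values:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(values[0], validate=True)
    if raw.startswith(b"<"):
        # Base64 of the bare XML: a receiver that inflates first cannot read this.
        return "plain", raw.decode("utf-8")
    try:
        return "deflate", zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error as exc:
        raise ValueError("SAMLRequest is neither raw DEFLATE nor XML") from exc


if __name__ == "__main__":
    for compress in (True, False):
        kind, xml = classify_saml_request(build_redirect(SAMPLE_XML, compress))
        print(f"compress.requests={compress!s:5} -> {kind}: {xml[:40]}...")
```

To check a real login attempt, pass the full URL the browser was redirected to (from the address bar or the network tab) to `classify_saml_request`.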