WSO2 Identity Server fails to perform authentication SAML2.0 when consumer URL inaccessible - saml-2.0

WSO2 Identity Server fails to perform authentication SAML2.0 consumer URL not reachable
We are using WSO2 Identity Server 4.6.0 for SAML 2.0 based Single Sign-On.
The authentication was working fine when the Assertion Consumer URL of the service provider was directly "accessible" (network connectivity) from the WSO2 IS node.
However, I get an error if I register a new Service Provider with an Assertion Consumer URL which is not directly reachable from the Identity Provider (WSO2 IS), but is accessible from the requesting user agent, i.e. the browser.
The User Agent request gets redirected to the WSO2 IS (login.do?SAMLRequest=nZP... )
But the POST /commonauth failed with status code 302 and the following Location header: Location: authenticationendpoint/samlsso_notification.do?status=Error when processing the authentication request!&statusMsg=The message was not recognized by the SAML 2.0 SSO Provider. Please check the logs for more details
For example, the Assertion Consumer URL provisioned was referring to a private IP address only accessible from the requesting browser.
I also tried to provide a hostname instead, without success.
Here is the error we get from the WSO2 IS logs:
TID: [0] [IS] [2014-06-10 17:54:52,344] ERROR {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet} - The value of sessionDTO is null. This could be due to the hostname settings {org.wso2.carbon.identity.sso.saml.servlet.SAMLSSOProviderServlet}
From the browser :
SAML2.0 based Single Sign On
Any idea why the authentication request failed and why the SSO provider complains about an "unrecognized message"?
Thanks for your support
JS

If you have fronted Identity Server with a proxy server or load balancer, please try to configure the server's proxy configuration.
[1] http://soasecurity.org/2014/04/11/handling-server-redirects-when-it-is-a-proxy/

Related

Identity Server 4 Error - 'Unrecognized SAML service provider - cannot find Client configuration'

I want to establish a SAML connection between one external service provider and Identity Server 4.
Steps which were performed:
Captured the SAML metadata of the IS4 application
Configured the service provider with the IS4 metadata
While verifying, I get the error below on the IS4 application:
"Invalid Service Provider; Unrecognized SAML service provider - cannot find Client configuration".
Any idea what exactly I am missing here?
Thanks
(IS4 - Identity Server 4)
I was able to find out the root cause of this issue: for the SAML service provider, the settings below were in place, and because of this the communication was failing.
AuthnRequestsSigned="false"
WantAssertionsSigned="false"
So, I had to change the setting in 'Identity server - service provider' to turn off this validation.
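Both the WSO2 question above and this IS4 thread end at the same point: the IdP rejects a message because it cannot match it to a registered service provider, or because the signing policy it was configured with does not match what arrived. The sketch below is an added example, not WSO2 or IdentityServer4 code, of the checks an IdP performs on an SP-initiated AuthnRequest arriving over the HTTP-Redirect binding. It builds a registry from constructed SP metadata (placeholder entityID `https://sp.example.test/saml`, placeholder ACS URL on a private address), decodes the SAMLRequest parameter (base64 over raw DEFLATE), and checks the Issuer, the AssertionConsumerServiceURL and the AuthnRequestsSigned flag. The ACS check is a plain string comparison against the registered value: the response is later carried to the ACS URL by the browser in an auto-submitted POST form, so the IdP host never needs network reachability to it. Signature presence is checked but not cryptographically verified here; the `Signature` value is a labelled placeholder.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUTHN_REQUEST_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest"

# Constructed SP metadata (placeholder entityID; ACS on a private address the IdP
# host cannot reach, which is fine: only the browser has to reach it).
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://10.0.0.5/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def load_sp_registry(metadata_xml):
    """IdP-side SP registry: entityID -> registered ACS URLs and signing policy."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    return {root.get("entityID"): {
        "acs_urls": [e.get("Location") for e in sp.findall("md:AssertionConsumerService", NS)],
        "authn_requests_signed": sp.get("AuthnRequestsSigned", "false") == "true",
    }}


def encode_redirect_request(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64 (URL-encoded in the query)."""
    raw_deflate = zlib.compress(xml_text.encode())[2:-4]  # drop zlib header and adler32 trailer
    return base64.b64encode(raw_deflate).decode()


def decode_redirect_request(saml_request):
    """Inverse of encode_redirect_request for an already URL-decoded SAMLRequest value."""
    return zlib.decompress(base64.b64decode(saml_request), -15).decode()


def build_authn_request(issuer, acs_url, request_id="_constructed-request-1"):
    """Minimal SP-initiated AuthnRequest (constructed sample, not a captured message)."""
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            f'ID="{request_id}" Version="2.0" IssueInstant="2014-06-10T17:54:52Z" '
            'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
            f'AssertionConsumerServiceURL="{acs_url}">'
            f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')


def build_redirect_query(xml_text, signed=False):
    """Query string the browser carries to the IdP's SSO endpoint."""
    params = {"SAMLRequest": encode_redirect_request(xml_text), "RelayState": "constructed-state"}
    if signed:  # placeholder: a real SP signs SAMLRequest+RelayState+SigAlg with its private key
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = "PLACEHOLDER-SIGNATURE"
    return urllib.parse.urlencode(params)


def validate_authn_request(query_string, registry):
    """IdP-side acceptance checks on an incoming request. Returns (accepted, reason)."""
    params = urllib.parse.parse_qs(query_string)
    if "SAMLRequest" not in params:
        return False, "no SAMLRequest parameter"
    try:
        root = ET.fromstring(decode_redirect_request(params["SAMLRequest"][0]))
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return False, f"message not decodable: {exc}"
    if root.tag != AUTHN_REQUEST_TAG:
        return False, "message is not an AuthnRequest"
    issuer_el = root.find("saml:Issuer", NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    sp = registry.get(issuer)
    if sp is None:
        return False, f"unrecognized issuer {issuer!r}: no SP configuration"
    acs_url = root.get("AssertionConsumerServiceURL")
    # Plain string match against the registry; the IdP never connects to the ACS itself.
    if acs_url is not None and acs_url not in sp["acs_urls"]:
        return False, f"ACS URL {acs_url!r} is not registered for {issuer!r}"
    if sp["authn_requests_signed"] and "Signature" not in params:
        return False, "SP metadata declares AuthnRequestsSigned but the request is unsigned"
    target = acs_url or sp["acs_urls"][0]
    return True, f"accepted; the browser will auto-POST the response to {target!r}"


if __name__ == "__main__":
    registry = load_sp_registry(SP_METADATA)
    sp_id, good_acs = "https://sp.example.test/saml", "https://10.0.0.5/saml/acs"
    cases = {
        "signed, registered ACS": build_redirect_query(build_authn_request(sp_id, good_acs), True),
        "unsigned request": build_redirect_query(build_authn_request(sp_id, good_acs)),
        "unknown issuer": build_redirect_query(build_authn_request("https://other.example.test", good_acs), True),
        "unregistered ACS": build_redirect_query(build_authn_request(sp_id, "https://sp.example.test/acs"), True),
    }
    for name, query in cases.items():
        print(f"{name:24s} -> {validate_authn_request(query, registry)}")
```

Running the block prints one acceptance and three rejections: a signing-policy mismatch between the SP metadata and what the request carries (the kind of mismatch behind the IS4 thread), an issuer with no SP configuration, and an ACS URL that differs from the registered one. Each rejection carries a specific reason; logging that reason on the IdP side is what turns a generic "message was not recognized" into something an operator can act on.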

Issue in Logic app workflow connects to eventhub

I am getting the error below in my Logic App workflow; I have scheduler -> MQ -> Azure Event Hub connectors. I can see the message coming through till MQ, and there is a failure in the Event Hub step with the error below. I'd appreciate any suggestion on why this error is coming up and how to overcome it.
"BadRequest. Http request failed as there is an error: 'The SSL connection could not be established, see inner exception.'"
You might be receiving this due to Authentication or certificate errors.
You can check for the connection you are establishing while creating the event hub connector.
Authorize access to an event hub by using a System-assigned managed identity.
Try checking certificate expiration. To configure service principals with certificate credentials, Azure AD can be used to build a service principal with restricted access at the resource level. Azure Key Vault may be utilised with Azure-managed identities in both scenarios, such that the runtime environment, such as an Azure Function, can get the credential from the key vault.
Also, you can try checking the inner exception that is occurring and take further action accordingly.
REFERENCES:
Azure security baseline for Event Hubs
Authenticating a managed identity with Azure Active Directory

JDBC using Azure Active Directory credentials

I'm getting "wrong username or password" when trying to make a JDBC connection to Snowflake. I believe the culprit is that there is an Azure Active Directory layer in between the connection. Is there a specific way I should be handling this connection while using the Azure credentials from my Java app through Azure Active Directory to Snowflake? Thanks in advance!
In your JDBC connection parameters, you need to set the authenticator parameter to externalbrowser or, possibly, depending on the setup, oauth with a setting for the oauth token parameter.
You can read more about OAuth here: https://docs.snowflake.com/en/user-guide/oauth-custom.html
The section specific to OAuth on JDBC on that page is here: https://docs.snowflake.com/en/user-guide/jdbc-configure.html#label-jdbc-connection-parameters. Scroll down from that bookmark on the page to the authenticator parameter section.

Resource server returning 500 Internal Server error if Authorization server down

I have a resource API protected using an IdentityServer4 OAuth server.
Within my Resource API, I am using app.UseIdentityServerAuthentication(XXX) to protect the API.
If the authentication server is down when the Resource API is starting up, any request to the Resource API returns a "500 Internal Server Error", which is what I expected. However, the issue is that once the authentication server is back on, the Resource API continues to return "500 Internal Server Error".
I expected the Resource API to start working once the authentication server comes back online. That is not the case.
Any suggestions?
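The question has no answer on this page; the following added Python sketch (not IdentityServer4 or ASP.NET code) reproduces the failure mode described and contrasts it with a loader that does not make a failed fetch permanent. A resource API needs the authorization server's discovery document (issuer, JWKS location) before it can validate bearer tokens. `StickyMetadataLoader` fetches it once at startup and keeps whatever happened, so a startup-time outage means every later request fails for the lifetime of the process; `RetryingMetadataLoader` caches only a successful fetch and retries after a backoff window. `FakeAuthority` and `FakeClock` are constructed stand-ins so the simulation runs offline, and the 503 status is this example's choice for signalling a dependency outage (the poster's real middleware returns 500).

```python
import time


class AuthorityUnavailable(Exception):
    """Raised when the authorization server's discovery document cannot be fetched."""


class FakeAuthority:
    """Constructed stand-in for the authorization server; flip `up` to simulate an outage."""

    def __init__(self):
        self.up = False
        self.calls = 0

    def discovery_document(self):
        self.calls += 1
        if not self.up:
            raise AuthorityUnavailable("connection refused (simulated)")
        return {"issuer": "https://auth.example.test",
                "jwks_uri": "https://auth.example.test/.well-known/openid-configuration/jwks"}


class FakeClock:
    """Controllable monotonic clock so the backoff can be exercised without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class StickyMetadataLoader:
    """Fetches once at startup and remembers the outcome, success or failure.
    This is the behaviour the question describes: a failed first fetch is never retried."""

    def __init__(self, authority):
        self._authority = authority
        self._doc = None
        self._attempted = False

    def get(self):
        if not self._attempted:
            self._attempted = True
            try:
                self._doc = self._authority.discovery_document()
            except AuthorityUnavailable:
                self._doc = None
        if self._doc is None:
            raise AuthorityUnavailable("discovery document unavailable (cached failure)")
        return self._doc


class RetryingMetadataLoader:
    """Caches only a successful fetch; a failure is retried once the backoff window passes."""

    def __init__(self, authority, backoff_seconds=30.0, clock=time.monotonic):
        self._authority = authority
        self._backoff = backoff_seconds
        self._clock = clock
        self._doc = None
        self._next_attempt = 0.0

    def get(self):
        if self._doc is not None:
            return self._doc
        now = self._clock()
        if now < self._next_attempt:
            raise AuthorityUnavailable("discovery document unavailable (in backoff)")
        try:
            self._doc = self._authority.discovery_document()
        except AuthorityUnavailable:
            self._next_attempt = now + self._backoff  # do not hammer a server that is down
            raise
        return self._doc


def handle_request(loader):
    """Resource API handler: 503 while token-validation metadata is missing, else 200."""
    try:
        loader.get()
    except AuthorityUnavailable:
        return 503
    return 200


def simulate(make_loader, clock):
    """Authority down at startup, one request; authority back, one request;
    backoff window elapsed, one request. Returns the three status codes."""
    authority = FakeAuthority()
    loader = make_loader(authority)
    statuses = [handle_request(loader)]
    authority.up = True
    statuses.append(handle_request(loader))
    clock.now += 31.0
    statuses.append(handle_request(loader))
    return statuses


if __name__ == "__main__":
    clock = FakeClock()
    print("sticky  :", simulate(StickyMetadataLoader, clock))
    clock = FakeClock()
    print("retrying:", simulate(lambda a: RetryingMetadataLoader(a, 30.0, clock), clock))
```

The sticky loader prints `[503, 503, 503]`: the authority coming back changes nothing. The retrying loader prints `[503, 503, 200]`: the second request still fails because it lands inside the backoff window, the third succeeds. The backoff is what keeps a recovering authorization server from being flooded by every request that fails validation, while still letting the resource API heal on its own.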

Unrecognized X.509 certificate format error in SSO settings page

I tried to configure SSO using OpenAM in Salesforce. I have done the following steps:
Configured the Circle of Trust
Configured the identity provider
Configured Salesforce as the service provider
and downloaded the identity provider certificate in OpenAM
I received the following error on the Salesforce SSO settings page while saving the setup page:
Unrecognized X.509 certificate format error in SSO settings page
Please help me to successfully configure SSO using OpenAM in Salesforce.
Thanks in advance...
If you export the certificate on the OpenAM side, you may check if the boundaries 'BEGIN CERTIFICATE' ... 'END CERTIFICATE' are on a separate line.
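To make the check in this answer concrete, an added Python example (not OpenAM or Salesforce code): it takes a certificate paste whose markers sit on the same line as the base64 body, reports what is wrong, and rewrites it into canonical PEM with the BEGIN/END markers on their own lines and 64-column base64, after confirming the body decodes to exactly one DER SEQUENCE. `PLACEHOLDER_DER` is a constructed 7-byte DER value, not a real certificate, so the structural check runs offline; a real export would be checked the same way.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed DER stand-in, SEQUENCE { INTEGER 5, NULL }; not a real certificate,
# but enough to exercise the base64 and outer-structure checks offline.
PLACEHOLDER_DER = bytes.fromhex("30050201050500")

# Constructed "bad export": markers and body on a single line, as a copy-paste often yields.
BROKEN_PEM = BEGIN + base64.b64encode(PLACEHOLDER_DER).decode() + END


def der_outer_length_ok(der):
    """True if the leading SEQUENCE's DER length header covers exactly the whole body."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short form: one length byte
        length, header = first, 2
    else:                                  # long form: 0x80 | number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    return header + length == len(der)


def normalize_pem_certificate(text):
    """Return a canonical PEM block: markers on their own lines, 64-column base64 body.
    Raises ValueError when markers are missing or the body is not base64-encoded DER."""
    start, end = text.find(BEGIN), text.find(END)
    if start == -1 or end == -1 or end < start:
        raise ValueError("missing or misordered BEGIN/END CERTIFICATE markers")
    body = re.sub(r"\s+", "", text[start + len(BEGIN):end])  # tolerate any line wrapping
    if not body:
        raise ValueError("empty certificate body")
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"certificate body is not valid base64: {exc}") from None
    if not der_outer_length_ok(der):
        raise ValueError("decoded body is not a single DER SEQUENCE")
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"


def pem_problems(text):
    """Describe what is wrong with a PEM paste, or return an empty string when it is fine."""
    try:
        normalize_pem_certificate(text)
    except ValueError as exc:
        return str(exc)
    lines = text.strip().splitlines()
    if lines[0].strip() != BEGIN or lines[-1].strip() != END:
        return "markers are present but not on their own lines"
    return ""


if __name__ == "__main__":
    print("before:", repr(pem_problems(BROKEN_PEM)))
    fixed = normalize_pem_certificate(BROKEN_PEM)
    print(fixed, end="")
    print("after: ", repr(pem_problems(fixed)))
```

`pem_problems` separates the two failure classes an import dialog tends to lump together: a body that is not base64 or not DER (nothing to repair, re-export the certificate) versus a body that is fine but mis-wrapped (repairable with `normalize_pem_certificate`). The second is the case this answer points at.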
