Questions on getting Xerte Toolkits installed on your server and questions about authentication and user logins.
Xerte Saml2 config issues 1 year 1 month ago #8515

  • jhealy (Topic Author, New Member, Posts: 5, Thank you received: 0)
Hi, I have a new installation of Xerte running in a Microsoft Azure app service. Previously we used LDAP auth, but I am trying to configure SAML2 auth using our organisation's Microsoft Azure AD. I believe I have the settings configured correctly (metadata URL, x509 cert); these certainly match in the Azure AD SAML config for the app, as do the metadata, ACS and SLO endpoints.

I am able to progress through the SAML auth process, but when I hit the acs endpoint the page stalls and times out. Here's the HTML form that causes it to time out (I've shortened the SAMLResponse value and the RelayState value):

<form method="POST" name="hiddenform" action="(protocol)(host)/library/Xerte/Authentication/Saml2/endpoints/acs.php">
  <input type="hidden" name="SAMLResponse" value="PHNhbWxwOlJlc3......(cont.)">
  <input type="hidden" name="RelayState" value="(unencrypted/unverified protocol)(host):8080/library/Xerte/Authentication/Saml2/xertesso.php?site=(protocol)(host)/&returnurl=library/Xerte/Authentication/Saml2/saml2login.php&request=0914(cont.)">
  <noscript><p>Script is disabled. Click Submit to continue.</p><input type="submit" value="Submit" /></noscript>
</form>
<script language="javascript">document.forms[0].submit();</script>

The RelayState URL does not look correct (:8080 / http), but I cannot determine where this URL is generated. I have decoded the SAMLResponse value and it looks like it is carrying the correct values for my login.

While attempting to debug, I have also altered the SAML attribute names, which by default are e.g. 'urn:oid:0.9.2342.19200300.100.1.1' (for uid), but the Azure AD platform names attributes e.g. '(protocol)schemas.xmlsoap.org/ws/2005/05/identity/claims/uid'. Does this name formatting matter? Currently changing the name attribute does not affect the result.

Any advice or guidance would be very gratefully received!


Last edit: by jhealy. Reason: mis-spelling
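As an added example (not code from this thread or from the Xerte project), the following script does offline what one would do by hand when debugging the acs.php step described above: it base64-decodes a POST-binding SAMLResponse, lists the fields a service provider compares against its own configuration (Destination, Issuer, Audience and the attribute Names, so you can see at a glance whether the IdP is sending urn:oid names or claims URIs), and reports each way a RelayState URL differs from the public site URL the SP should be using (scheme, host, port). The host xerte.example.org, the tenant ID, the SP entity ID and the sample response itself are constructed placeholders; the response is unsigned and no signature or certificate check is performed, since the point is to inspect configuration, not to validate an assertion.

```python
"""Offline SAML2 POST-binding inspector (added example; not Xerte code).

Decodes a SAMLResponse, reports the fields a service provider validates
before trusting it, and checks whether the RelayState URL agrees with the
public site URL the SP expects.  All data below is constructed sample data.
"""
import base64
from urllib.parse import urlparse
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample response.  Host, tenant ID and entity ID are
# placeholders; the acs.php path mirrors the one shown in the thread.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    Destination="https://xerte.example.org/library/Xerte/Authentication/Saml2/endpoints/acs.php">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://xerte.example.org/saml2-sp-entity-id</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid">
        <saml:AttributeValue>jdoe</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_SAML_RESPONSE = base64.b64encode(SAMPLE_XML.encode()).decode()

# RelayState shaped like the one in the post: plain http on port 8080,
# while the site the SP is actually served from is https on 443.
SAMPLE_RELAY_STATE = ("http://xerte.example.org:8080/library/Xerte/Authentication"
                      "/Saml2/xertesso.php?site=https://xerte.example.org/")
EXPECTED_SITE = "https://xerte.example.org/"


def decode_saml_response(b64: str) -> ET.Element:
    """Base64-decode the form field and parse the XML (no signature check here)."""
    return ET.fromstring(base64.b64decode(b64))


def summarize(root: ET.Element) -> dict:
    """Collect the values the SP compares against its own configuration."""
    issuer = root.find("saml:Issuer", NS)
    audience = root.find(".//saml:Audience", NS)
    return {
        "destination": root.get("Destination"),
        "issuer": issuer.text if issuer is not None else None,
        "audience": audience.text if audience is not None else None,
        "attribute_names": [a.get("Name") for a in root.findall(".//saml:Attribute", NS)],
    }


def attribute_name_style(name: str) -> str:
    """Classify an attribute Name as an OID urn, a claims URI, or something else."""
    if name.startswith("urn:oid:"):
        return "urn:oid"
    if "/identity/claims/" in name:
        return "claims-uri"
    return "other"


def relay_state_problems(relay_state: str, expected_site: str) -> list:
    """Return each way the RelayState URL differs from the SP's public site URL."""
    def effective_port(u):
        return u.port or (443 if u.scheme == "https" else 80)

    rs, site = urlparse(relay_state), urlparse(expected_site)
    problems = []
    if rs.scheme != site.scheme:
        problems.append(f"scheme is {rs.scheme!r}, expected {site.scheme!r}")
    if rs.hostname != site.hostname:
        problems.append(f"host is {rs.hostname!r}, expected {site.hostname!r}")
    if effective_port(rs) != effective_port(site):
        problems.append(f"port is {effective_port(rs)}, expected {effective_port(site)}")
    return problems


if __name__ == "__main__":
    info = summarize(decode_saml_response(SAMPLE_SAML_RESPONSE))
    for key, value in info.items():
        print(f"{key}: {value}")
    for name in info["attribute_names"]:
        print(f"  {name} -> {attribute_name_style(name)}")
    for problem in relay_state_problems(SAMPLE_RELAY_STATE, EXPECTED_SITE):
        print("RelayState mismatch:", problem)
```

Run against a real captured form, paste the SAMLResponse field into `decode_saml_response` and the RelayState field into `relay_state_problems` with the site URL the SP is configured with; a scheme or port mismatch there points at the SP building its own URLs from the internal request (a reverse proxy or app-service port) rather than from the public site URL, and the attribute Name list shows which naming style the SP's attribute mapping has to match.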

Xerte Saml2 config issues 1 year 1 month ago #8519

  • tom (Administrator, Posts: 1293, Thank you received: 308)
My recommendation would be to set $development to true on line 43 of config.php and try again. See if there is anything in the Apache error logs or in the error_logs/debug.log file in the Xerte installation.

Most likely it's a firewall issue where the Xerte server tries to connect to the IdP or AD server for verification, and it cannot reach that machine directly.

Xerte Saml2 config issues 10 months 23 hours ago #8606

  • ingo.d (Junior Member, Posts: 23, Thank you received: 0)
Hi jhealy, I just saw your post and I'd love to switch our Xerte installation from LDAP to SAML2 authentication. Would it be possible for you to share your config, redacted of course? Would be much appreciated!
