Hi, I have a new installation of Xerte running in a Microsoft Azure app service. Previously we used LDAP auth but I am trying to configure Saml2 auth using our organisation's Microsoft Azure AD. I believe I have the settings configured correctly (metadata URL, x509 cert); these certainly match in the Azure AD SAML config for the app, as do the metadata, ACS and SLO endpoints.
I am able to progress through the SAML auth process, but when I hit the .acs endpoint the page stalls and times out. Here's the HTML form that causes it to time out (I've shortened the SAMLResponse and RelayState values):
<form method="POST" name="hiddenform" action="(protocol)(host)/library/Xerte/Authentication/Saml2/endpoints/acs.php">
<input type="hidden" name="SAMLResponse" value="PHNhbWxwOlJlc3......(cont.)">
<input type="hidden" name="RelayState" value="(unencrypted/unverified protocol)(host):8080/library/Xerte/Authentication/Saml2/xertesso.php?site=(protocol)(host)/&returnurl=library/Xerte/Authentication/Saml2/saml2login.php&request=0914(cont.)">
<noscript><p>Script is disabled. Click Submit to continue.</p><input type="submit" value="Submit" /></noscript></form><script language="javascript">document.forms[0].submit();</script>
The RelayState URL does not look correct (:8080 / http), but I cannot determine where this URL is generated. I have decoded the SAMLResponse value and it looks like it is carrying the correct values for my login.
While attempting to debug, I have also altered the SAML attribute names, which by default are e.g. 'urn:oid:0.9.2342.19200300.100.1.1' (for uid), but the Azure AD platform names attributes as e.g. '(protocol)schemas.xmlsoap.org/ws/2005/05/identity/claims/uid'. Does this name formatting matter? Currently changing the name attribute does not affect the current result.
Any advice or guidance would be very gratefully received!
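As an added diagnostic (not Xerte's own code), this Python script decodes a captured SAMLResponse to list its Destination, NameID and the exact Attribute Name values the IdP sent, so they can be compared with the names the SP's Saml2 config expects, and flags a RelayState whose scheme, host or port differs from the SP's public https origin. The sample response and hostnames below are constructed; it inspects only and leaves signature and audience validation to the SP's SAML library.

```python
import base64
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET

# Namespaces of a SAML 2.0 Response; the constructed sample below uses the same ones.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def inspect_saml_response(saml_response_b64):
    """Decode a base64 SAMLResponse and report what the IdP actually sent.
    Inspection only: signature and audience checks are left to the SP library."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    return {
        "destination": root.get("Destination"),  # must equal the SP's ACS URL
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        # Attribute Name values: compare these with the names the SP config expects
        "attribute_names": [a.get("Name") for a in
                            root.findall(".//saml:AttributeStatement/saml:Attribute", NS)],
    }

def relay_state_problems(relay_state, expected_host, expected_port=443):
    """List the ways a RelayState URL differs from the SP's public https origin."""
    u = urlsplit(relay_state)
    problems = []
    if u.scheme != "https":
        problems.append(f"scheme is {u.scheme!r}, expected 'https'")
    if u.hostname != expected_host:
        problems.append(f"host is {u.hostname!r}, expected {expected_host!r}")
    port = u.port or (443 if u.scheme == "https" else 80)
    if port != expected_port:
        problems.append(f"port is {port}, expected {expected_port}")
    return problems

# Constructed sample response (not a real capture); hostnames are placeholders.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  Destination="https://xerte.example.org/library/Xerte/Authentication/Saml2/endpoints/acs.php">
  <saml:Issuer>https://idp.example.org/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>jdoe@example.org</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid">
        <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()
SAMPLE_RELAY = "http://xerte.example.org:8080/library/Xerte/Authentication/Saml2/xertesso.php"
```

Run `inspect_saml_response(SAMPLE_B64)` and `relay_state_problems(SAMPLE_RELAY, "xerte.example.org")` against a real captured form body (with the SP's real hostname) to see which values actually arrive at the ACS endpoint.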