SAML auth failed

Hi,
We have a problem with Xibo 4.0.2 (docker installation) with SAML authentication.


I think PHP 8.0 doesn't accept the function:
Deprecated: Function libxml_disable_entity_loader() is deprecated in /var/www/cms/vendor/onelogin/php-saml/src/Saml2/Utils.php on line 85

Do you have any solution?
Thanks, best regards

Hi and welcome to the Community!

Have you got your CMS in test mode? If so can you put it into Production and see if that then works? If it doesn’t, it will be an error in your SAML configuration.

Hi, and thank you for your welcome.
Yes, I'm in test mode for checking the error, but when I pass in production I have only this error:

My SAML configuration is good I think, because my IDP redirects to Xibo.
The problem in production mode is I can't log this error with docker-compose logs -f
Thanks

Enable debug in the SAML configuration and it will log to that screen why the SAML login wasn’t successful; SAML as an Authentication Provider | Xibo Digital Signage

Hi,
I activated the debug option in my settings but there is no error in the docker-compose logs:

$samlSettings = array (
    'workflow' => array(
        // Enable/Disable Just-In-Time provisioning
        'jit' => true,
        // Attribute to identify the user
        // if set to nameId then the NameID from SAML will be taken and used as the
        // username in Xibo.
        'field_to_identify' => 'UserName',   // Alternatives: UserID, UserName, email
        // Default libraryQuota assigned to the created user by JIT
        'libraryQuota' => 1000,
        // Initial User Group
        'group' => 'Users',
        // Home Page
        'homePage' => 'icondashboard.view',
        // Enable/Disable Single Logout
        'slo' => true,
        // Attribute mapping between XIBO-CMS and the IdP
        'mapping' => array (
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'uid',
            'email' => 'mail',
        )
    ),
    // Configure the IdP and SP
    'strict' => false,
    'debug' => true,
    'idp' => array (
        'entityId' => 'xxxxxxxx/idp/shibboleth',
        'singleSignOnService' => array (
            'url' => 'https://xxxxxxx/idp/profile/SAML2/Redirect/SSO',
        ),
        'singleLogoutService' => array (
            'url' => 'https://xxxxxx/idp/profile/SAML2/POST/SLO',
        ),
        'x509cert' => 'xxxxxxxx',
    ),
    'sp' => array (
        'entityId' => 'https://xxxxx/saml/metadata',
        'assertionConsumerService' => array (
            'url' => 'https://xxxxx/saml/acs',
        ),
        'singleLogoutService' => array (
            'url' => 'https://xxxxx/saml/sls',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'x509cert' => 'xxxx',
        // '=>' was missing here in the post ('privateKey' > ...), which is a PHP syntax error
        'privateKey' => 'xxxxx',
    ),
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => false,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,
    )
);

My IDP is a Shibboleth and returns to Xibo with no problem. I think the problem is the JIT but there are no logs about this.
Thanks

Hi, there won't be any error in the docker-compose logs; the error will be printed in the browser above the box that says the SAML login failed.

You also need strict => true as any other setting will not give you a secure login.

Hi, and thanks a lot Natasha.
I put strict => true and now the return of my IDP is on http:// but I put https:// in all the config:

My assertionConsumerService is on https://
Thanks

Are you using a reverse proxy? If so you will need to add \OneLogin\Saml2\Utils::setProxyVars(true); to the end of settings-custom.php.
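As an added example (not the thread author's configuration and not a file shipped by Xibo), here is a settings-custom.php that applies both points raised above: strict => true with signed assertions required, and setProxyVars(true) for a deployment behind a TLS-terminating reverse proxy. The <...> values and the IdP attribute names are placeholders to replace with your own.

```php
<?php
// Added example, not the thread author's file: hardened php-saml settings for
// Xibo behind a reverse proxy. Every <...> value is a deployment placeholder.
$samlSettings = array(
    'workflow' => array(
        'jit' => true,
        // Must be a key of 'mapping' below, and the IdP must actually release
        // the mapped attribute ('uid' here); otherwise JIT cannot create the user.
        'field_to_identify' => 'UserName',
        'libraryQuota' => 1000,
        'group' => 'Users',
        'homePage' => 'icondashboard.view',
        'slo' => true,
        'mapping' => array(
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'uid',
            'email' => 'mail',
        ),
    ),
    // strict => false skips Destination/ACS, audience, timestamp and signature
    // validation of the response; only strict => true gives a trustworthy login.
    'strict' => true,
    // With debug on, the reason for a failed login is shown in the browser.
    'debug' => true,
    'idp' => array(
        'entityId' => '<idp-entity-id>',
        'singleSignOnService' => array('url' => 'https://<idp>/idp/profile/SAML2/Redirect/SSO'),
        'singleLogoutService' => array('url' => 'https://<idp>/idp/profile/SAML2/POST/SLO'),
        'x509cert' => '<idp-signing-certificate>',
    ),
    'sp' => array(
        'entityId' => 'https://<cms>/saml/metadata',
        'assertionConsumerService' => array('url' => 'https://<cms>/saml/acs'),
        'singleLogoutService' => array('url' => 'https://<cms>/saml/sls'),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'x509cert' => '<sp-certificate>',
        'privateKey' => '<sp-private-key>',
    ),
    'security' => array(
        // Require the IdP to sign assertions so a tampered response is rejected.
        'wantAssertionsSigned' => true,
        'wantMessagesSigned' => false,
        'authnRequestsSigned' => false,
    ),
);
// Behind the proxy PHP sees the request as http://, so the ACS URL php-saml
// computes would not match the https:// Destination the IdP sent the response
// to; this makes php-saml trust the X-Forwarded-Proto/Host headers instead.
\OneLogin\Saml2\Utils::setProxyVars(true);
```

The proxy itself must set X-Forwarded-Proto and X-Forwarded-Host on the requests it passes to the CMS container, or setProxyVars(true) has nothing to read.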

Hi,
Sorry, the problem continues.
I tested with 2 different reverse proxies, and with the instruction \OneLogin\Saml2\Utils::setProxyVars(true);
and now the problem is:


I think the provisioning/mapping is not good but I have no trace in the logs

        'mapping' => array (
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'uid',
            'email' => 'mail',
        )
    ),

Thanks
