Debug Azure SAML setup

tanho63 · January 8, 2020, 4:17pm

Trying to figure out how to debug my Azure SAML setup:

  saml:
    idp-metadata-url: https://login.microsoftonline.com/[tenant-ID]/FederationMetadata/2007-06/FederationMetadata.xml
    app-entity-id: [App ID URI]
    app-base-url: http://10.0.1.22:8080
    roles-attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/role

The webpage is redirecting to: http://10.0.1.22:8080/saml/SSO

Status code: 200
Message: OK
Stack Trace: n/a

and I think the relevant error in shinyproxy.log says:

2020-01-08 15:43:07.330  INFO 1 --- [XNIO-2 task-1] o.s.security.saml.log.SAMLDefaultLogger  : AuthNResponse;FAILURE;10.0.8.111;[###-redacted-url-###]/;;;org.opensaml.common.SAMLException: Response issue time is either too old or with date in the future, skew 60, time 2020-01-08T15:40:10.419Z~

I think this is the problem, but I’m not sure how to tackle resolving it. EDIT: I synced my server per https://www.howtogeek.com/tips/how-to-sync-your-linux-server-time-with-network-time-servers-ntp/ and now I have a different error:

2020-01-08 16:14:04.558  INFO 1 --- [XNIO-2 task-8] e.o.containerproxy.service.UserService   : Authentication failure [user: ] [error: Name attribute missing from SAML assertion: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress]

The demo setup in the config guide doesn’t have a name attribute - what is the recommended way to handle this sort of thing?

roberts2727 · October 21, 2020, 11:02pm

Ever get this fixed? Were running into a similar issue

mateo_graciano · February 19, 2021, 2:14am

Any ideas for this issue?

tdekoninck · February 25, 2021, 3:37pm

Hi all

We have some deployments with Azure AD/SAML and after some tweaking that works properly.
Some tips:

If you experience the Response issue time is either too old or with date in the future, skew 60, time 2020-01-08T15:40:10.419Z issue, it’s indeed a good idea to sync your clocks. If you only experience this exception after the user has been logged in for some time (probably two hours), you should enable the proxy.saml.force-authn property to true. See https://github.com/openanalytics/shinyproxy/issues/274 for more information, I’ll also include this in the documentation.
if you experience the ] [error: Name attribute missing from SAML assertion: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress error, you’ll have to update the proxy.saml.name-attribute to the correct claim that contains the username of the user.
In the newest ShinyProxy version (which will be released in the coming weeks) it will be easier to found out the correct claim name.

mateo_graciano · March 9, 2021, 3:10am

Tks!

I tried the openid option and it worked just fine.

saifi · March 10, 2021, 1:52pm

Hi
I have a problem also on the Azure AD Saml and I can’t find a solution …

2021-03-10 10:57:26.722 DEBUG 6 --- [  XNIO-1 task-1] o.a.x.security.utils.SignerOutputStream  : Canonicalized SignedInfo:
2021-03-10 10:57:26.722 DEBUG 6 --- [  XNIO-1 task-1] o.a.x.security.utils.SignerOutputStream  : <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></SignatureMethod><Reference URI="#_76873859-5deb-4259-b088-2a7780ca6700"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></Transform><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></DigestMethod><DigestValue>4hl236Vb8Pa7pnxvnoWmIHEMOLE2Z4HXkbYZb9tvZ9s=</DigestValue></Reference></SignedInfo>
2021-03-10 10:57:26.723  WARN 6 --- [  XNIO-1 task-1] o.a.xml.security.signature.XMLSignature  : Signature verification failed.
2021-03-10 10:57:26.723 DEBUG 6 --- [  XNIO-1 task-1] o.o.xml.signature.SignatureValidator     : Signature cryptographic validation not successful
2021-03-10 10:57:26.724 DEBUG 6 --- [  XNIO-1 task-1] o.o.x.s.impl.BaseSignatureTrustEngine    : Signature validation using candidate validation credential failed

org.opensaml.xml.validation.ValidationException: Signature cryptographic validation not successful
	at org.opensaml.xml.signature.SignatureValidator.validate(SignatureValidator.java:79) ~[xmltooling-1.4.6.jar!/:na]
	at org.opensaml.xml.signature.impl.BaseSignatureTrustEngine.verifySignature(BaseSignatureTrustEngine.java:142) ~[xmltooling-1.4.6.jar!/:na]
	at org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine.validate(ExplicitKeySignatureTrustEngine.java:110) [xmltooling-1.4.6.jar!/:na]
	at org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine.validate(ExplicitKeySignatureTrustEngine.java:49) [xmltooling-1.4.6.jar!/:na]
	at org.springframework.security.saml.websso.AbstractProfileBase.verifySignature(AbstractProfileBase.java:271) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertionSignature(WebSSOProfileConsumerImpl.java:455) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:328) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:250) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) [spring-security-core-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:219) [spring-security-core-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:534) [spring-security-config-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_282]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_282]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_282]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_282]
	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344) [spring-aop-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205) [spring-aop-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at com.sun.proxy.$Proxy76.authenticate(Unknown Source) [na:na]
	at org.springframework.security.saml.SAMLProcessingFilter.attemptAuthentication(SAMLProcessingFilter.java:92) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at eu.openanalytics.containerproxy.auth.impl.saml.AlreadyLoggedInFilter.doFilter(AlreadyLoggedInFilter.java:50) [containerproxy-0.8.8.jar!/:0.8.8]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:186) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:155) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.saml.metadata.MetadataDisplayFilter.doFilter(MetadataDisplayFilter.java:84) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.saml.metadata.MetadataGeneratorFilter.doFilter(MetadataGeneratorFilter.java:87) [spring-security-saml2-core-1.0.10.RELEASE.jar!/:1.0.10.RELEASE]
	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.3.4.RELEASE.jar!/:5.3.4.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93) [spring-boot-actuator-2.3.4.RELEASE.jar!/:2.3.4.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) [spring-web-5.2.9.RELEASE.jar!/:5.2.9.RELEASE]
	at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.handlers.PathHandler.handleRequest(PathHandler.java:91) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at eu.openanalytics.containerproxy.util.ProxyMappingManager$ProxyPathHandler.handleRequest(ProxyMappingManager.java:160) [containerproxy-0.8.8.jar!/:0.8.8]
	at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99) [undertow-servlet-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:370) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:836) [undertow-core-2.1.4.Final.jar!/:2.1.4.Final]
	at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35) [jboss-threads-3.1.0.Final.jar!/:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:2019) [jboss-threads-3.1.0.Final.jar!/:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1558) [jboss-threads-3.1.0.Final.jar!/:3.1.0.Final]
	at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1449) [jboss-threads-3.1.0.Final.jar!/:3.1.0.Final]
	at java.lang.Thread.run(Thread.java:748) [na:1.8.0_282]

thanks,
Saif

tech_cental · July 5, 2023, 3:39pm

can someone help me out i cant seem to get this to work

tech_cental · July 5, 2023, 4:57pm

can you provide sample or step by step guide

mateo_graciano · July 19, 2023, 6:51pm

sorry, thats all i remember.

I was strugling with saml option so i switched to openid. I did this in my former work so i do not have access to the complete solution now, sorry.