Trying to figure out how to debug my Azure SAML setup:
saml:
  idp-metadata-url: https://login.microsoftonline.com/[tenant-ID]/FederationMetadata/2007-06/FederationMetadata.xml
  app-entity-id: [App ID URI]
  app-base-url: http://10.0.1.22:8080
  roles-attribute: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
The webpage is redirecting to: http://10.0.1.22:8080/saml/SSO
Status code: 200
Message: OK
Stack Trace: n/a
and I think the relevant error in shinyproxy.log says:
2020-01-08 15:43:07.330 INFO 1 --- [XNIO-2 task-1] o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;10.0.8.111;[###-redacted-url-###]/;;;org.opensaml.common.SAMLException: Response issue time is either too old or with date in the future, skew 60, time 2020-01-08T15:40:10.419Z~
I think this is the problem, but I’m not sure how to tackle resolving it. EDIT: I synced my server per https://www.howtogeek.com/tips/how-to-sync-your-linux-server-time-with-network-time-servers-ntp/ and now I have a different error:
2020-01-08 16:14:04.558 INFO 1 --- [XNIO-2 task-8] e.o.containerproxy.service.UserService : Authentication failure [user: ] [error: Name attribute missing from SAML assertion: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress]
The demo setup in the config guide doesn’t have a name attribute - what is the recommended way to handle this sort of thing?
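
Added example (not part of the original post and not ShinyProxy code): a small diagnostic that takes a decoded SAML response and reports the two conditions behind the log lines above, the `IssueInstant` skew against the server clock and whether the expected name attribute is present. The sample response, the `diagnose` helper and the assumption that the log timestamp is UTC are all constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"

# Constructed sample response (not captured from a real tenant).
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_constructed" Version="2.0" IssueInstant="2020-01-08T15:40:10.419Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-08T15:40:10.419Z">
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{ROLE}"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def parse_instant(value):
    """Parse a SAML xs:dateTime in UTC, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def diagnose(xml_text, now, name_attribute=EMAIL, max_skew=60):
    """Return (skew_seconds, skew_ok, attribute_names, name_attribute_present)."""
    # Debugging aid only: no signature validation, use on your own captured responses.
    root = ET.fromstring(xml_text)
    issued = parse_instant(root.attrib["IssueInstant"])
    skew = abs((now - issued).total_seconds())
    names = [a.attrib["Name"] for a in root.iterfind(".//saml:Attribute", NS)]
    return skew, skew <= max_skew, names, name_attribute in names

if __name__ == "__main__":
    # Assumption: the shinyproxy.log timestamp of the failure is in UTC.
    now = datetime(2020, 1, 8, 15, 43, 7, 330000, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, now))
```

The list of attribute names it returns shows which claims the IdP actually sends, which is what has to line up with the attribute names the service provider is configured to read.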