I am having a recurring issue with shinyproxy (currently 2.5.0) hosted within a kubernetes cluster (currently a single node). I’m using Auth0 with SAML. Traffic goes through an Nginx ingress controller that does TLS termination and has a fairly basic configuration. What I don’t understand is that I will get the following error, but only once in a while. If I try to log in, I will get the error, but then after that, if I go back to the login page and try to log in again, everything works fine.
o.s.security.saml.log.SAMLDefaultLogger : AuthNResponse;FAILURE;[Auth0 URN];;;org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message a12g399012cidi7i2i3ha3ha4h6e6jc
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:175)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:88)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:219)
    ...
This made me think of a cookies problem, however adjusting the shinyproxy server/proxy configuration for cookies did not change anything. Shinyproxy configuration has:
server:
  secure-cookies: true
proxy:
  same-site-cookie: None
In the browser when I try to log in I get the following error message:
Error
Status code: 200
Message: Error validating SAML message
Stack Trace:
org.springframework.security.authentication.AuthenticationServiceException: Error validating SAML message
...
Does anyone have an idea of what I am missing? I would really appreciate it! Thank you!
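
The check named in the log line above, as an added sketch that is not part of the original post and is not ShinyProxy or Spring Security SAML code: a service provider records the ID of each AuthnRequest it sends and accepts a Response only if its InResponseTo matches a recorded ID. `SessionStore`, `make_response` and the sample XML are hypothetical names and constructed data, and keeping the IDs in the browser's HTTP session is the assumption being modelled.

```python
import secrets
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

class SessionStore:
    """Hypothetical stand-in for SP sessions: session id -> pending AuthnRequest IDs."""
    def __init__(self):
        self.sessions = {}

    def start_login(self, session_id=None):
        # Reuse the session if its cookie arrived, otherwise create a new one.
        if session_id not in self.sessions:
            session_id = secrets.token_hex(8)
            self.sessions[session_id] = set()
        request_id = "a" + secrets.token_hex(16)
        self.sessions[session_id].add(request_id)
        return session_id, request_id

    def consume_response(self, session_id, response_xml):
        """True only if the Response answers a request sent in this session."""
        # Constructed input only; untrusted XML needs a hardened parser.
        in_response_to = ET.fromstring(response_xml).get("InResponseTo")
        if in_response_to is None:
            return False  # choice of this sketch: unsolicited responses refused
        pending = self.sessions.get(session_id, set())
        if in_response_to not in pending:
            return False  # the "doesn't correspond to sent message" case
        pending.discard(in_response_to)  # single use, so a replay fails
        return True

def make_response(request_id):
    # Constructed, unsigned sample Response carrying only the field under test.
    return (f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" '
            f'Version="2.0" InResponseTo="{request_id}"/>')

def demo():
    sp = SessionStore()
    sid, rid = sp.start_login()
    resp = make_response(rid)
    no_cookie = sp.consume_response(None, resp)   # POST arrived without session cookie
    same_session = sp.consume_response(sid, resp)  # cookie present: accepted
    replayed = sp.consume_response(sid, resp)      # same Response again: rejected
    return no_cookie, same_session, replayed

if __name__ == "__main__":
    print(demo())
```

In this model the first outcome is the one that produces the logged exception: the Response is well-formed, but the session that handles it has no record of the request ID.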