SAML auth; Page not found during login

Question

We have been trying to configure SAML authentication for our gallery the past few days. One of the issues were related to SSL not being properly configured first (as required by our IDP). I feel like we are so close to properly configuring SAML, but can't figure out what the problem is now.

When an user tries to login on the Gallery, it is presented with the following page:

Considering all other scenario's we stumbled upon we must be getting closer to the solution. Do any of you who configured SAML before happen to know what might be causing this?

Our ACS Base URL points to https://<....>/aas/  as generated by the Systems Settings.

I also tried both combinations of /aas/Saml2/Acs/ and /aas/Saml2/. These cause a 404 resource not found

This URL should be set as the Reply URL and/or Entity ID within the IDP correct?

Our IDP URL points to the Azure AD Identifier the IDP Metadata URL points to the metadata. If I choose to specify the X509 certificate and SSO URL separately (both as defined within the earlier metadata URL) I get the same result, so I think these are set up properly at least.

Any direction towards a solution is appreciated!

bny_abo · Answer

I've gotten the same error, but looking at the SAML tracer, I got a 404 error from aas/api/sessions ...

GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/modernizr/modernizr.js

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/user-generated.css?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.css?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.header.css?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.footer.css?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/css/production.css?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/styles.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/collectionDetails.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/collections/components/css/CollectionsList.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/UserDetails/UserDetails.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/SubscriptionDetails/subscriptionDetails.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/dataGrid/dataGrid.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/searchFilter/searchFilter.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/WorkflowDetails/WorkerView.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/InsightDetails/insightview.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tabs.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tab/tab.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/Backdrop/Backdrop.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/modal/modal.css

GEThttps://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/js/production.js?v=1234

GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/index.css

GEThttps://abo-gallery.qa.bnymellon.net/gallery/steal/steal.production.js?production/production.js?v=12345

GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.js

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/commons.bundle.js

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Regular.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.js

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Regular.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.css

HEADhttps://abo-gallery.qa.bnymellon.net/gallery/?_=1664990169214

GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/config/timezones/?_=1664990169215

GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/apps/tags/

GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/polyfills/form.input.number.range.polyfill.js?_=1664990169216

GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/navigation/?_=1664990169220

GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/contentHeader.bundle.js?_=1664990169225

GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/images/bannerimages/?_=1664990169228

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Bold.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/entypo/entypo.woff

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/montserrat/Montserrat-ExtraBold.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/apps/gallery/?search=&limit=12&offset=0&sortField=dateMadePublic&direction=desc&packageType=&_=1664990169230

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Bold.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/entypo/entypo.woff

GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/montserrat/Montserrat-ExtraBold.woff2

GEThttps://abo-gallery.qa.bnymellon.net/gallery/img/loading-circle.gif

GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/IePolyfillPageContainer.js?_=1664990169233

GEThttps://abo-gallery.qa.bnymellon.net/aas/connect/authorize?nonce=efb243e8-491c-4b2f-88a7-775832b16dc3&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6&client_id=alteryx&redirect_uri=https://abo-gallery.qa.bnymellon.net/gallery/#!sso/?&response_type=id_token token&scope=openid alteryxApi

GEThttps://abo-gallery.qa.bnymellon.net/aas/login?signin=fa96c28f77975b74cd2f48ece5822a68

GEThttps://abo-gallery.qa.bnymellon.net/aas/external?provider=SAML2&signin=fa96c28f77975b74cd2f48ece5822a68

GEThttps://fsso.qa.bnymellon.net/affwebservices/public/saml2sso?SAMLRequest=lZFPSwMxEMXvhX6HkHs3f9xWDG1hsZdCvbTqobdJzNqFbLLNZNV+e+NW0YIIXmfe7817zByhdbJTVZ8OfmuPvcVE3lrnUZ03C9pHrwJgg8pDa1Elo3bV3UbJgqsuhhRMcPQn8zcCiDamJnhK1qsFbZ5m2mp5xUXNTV1yAzelBCjrqSwFF1PQlDzaiBlY0MxnCrG3a48JfMojLuVE8Amf3otrJWZKyD0lq1yj8ZAG6pBSh4qxGjEURyi0P7XWueALbxODun61Omd6aYxF1vXaNYYNRbKekuor723w2Lc27s7Sh+3m2xp0mDyDczaefrkAyHYffqwySJfjESHzwV8NVeLyfy5zdgGPR5+Dyycu3wE=&RelayState=fmBV4HxKAjq5KSneX8jXwPFJ

POSThttps://abo-gallery.qa.bnymellon.net/aas/Saml2/Acs

GEThttps://abo-gallery.qa.bnymellon.net/aas/callback

GEThttps://abo-gallery.qa.bnymellon.net/aas/connect/authorize?nonce=efb243e8-491c-4b2f-88a7-775832b16dc3&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6&client_id=alteryx&redirect_uri=https://abo-gallery.qa.bnymellon.net/gallery/#!sso/?&response_type=id_token token&scope=openid alteryxApi

GEThttps://abo-gallery.qa.bnymellon.net/gallery/#!sso/?id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2Fiby1nYWxsZXJ5LnFhLmJueW1lbGxvbi5uZXQvYWFzIiwiYXVkIjoiYWx0ZXJ5eCIsImV4cCI6MTY2NDk5MDQ3MywibmJmIjoxNjY0OTkwMTczLCJub25jZSI6ImVmYjI0M2U4LTQ5MWMtNGIyZi04OGE3LTc3NTgzMmIxNmRjMyIsImlhdCI6MTY2NDk5MDE3MywiYXRfaGFzaCI6Ind0ejdrRng4cXlSSUNkSDE3eThTOGciLCJzdWIiOiI5YzQwZDkyZThjMDMzMDI4ZDFlODc1ZGJiMDRhZjhkNyIsImF1dGhfdGltZSI6MTY2NDk5MDE3MywiaWRwIjoiU0FNTDIiLCJhbXIiOlsiZXh0ZXJuYWwiXX0.66SXhR85JL5vYuVG4CXRh8srWNGogR51SIIU8dfkuiM&access_token=30c9a358a38dbae2a4dd48e174e8fb22&token_type=Bearer&expires_in=30&scope=openid alteryxApi&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6