We have been trying to configure SAML authentication for our gallery the past few days. One of the issues were related to SSL not being properly configured first (as required by our IDP). I feel like we are so close to properly configuring SAML, but can't figure out what the problem is now.
When an user tries to login on the Gallery, it is presented with the following page:
Considering all other scenario's we stumbled upon we must be getting closer to the solution. Do any of you who configured SAML before happen to know what might be causing this?
Our ACS Base URL points to https://<....>/aas/ as generated by the Systems Settings.
I also tried both combinations of /aas/Saml2/Acs/ and /aas/Saml2/. These cause a 404 resource not found
This URL should be set as the Reply URL and/or Entity ID within the IDP correct?
Our IDP URL points to the Azure AD Identifier the IDP Metadata URL points to the metadata. If I choose to specify the X509 certificate and SSO URL separately (both as defined within the earlier metadata URL) I get the same result, so I think these are set up properly at least.
Any direction towards a solution is appreciated!
Hi @Brayndasilva ,
One thing that could be causing this issue are the claims, these are case sensitive and even additional whitespaces or an additional claim could make this happen.
You should be able to verify the mappings from your aas-log file located by default here: C:\ProgramData\Alteryx\Logs\aas-log-xxxx.txt
The mapping should look like this: (make sure capitalization on the N for Name also follows)
\"email\": \"crincon@alteryx.com\",
\"firstName\": \"Christian\",
\"lastName\": \"Rincon\",
Best,
Fernando Vizcaino
I've gotten the same error, but looking at the SAML tracer, I got a 404 error from aas/api/sessions ...
GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/modernizr/modernizr.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/user-generated.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.header.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.footer.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/css/production.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/styles.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/collectionDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/collections/components/css/CollectionsList.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/UserDetails/UserDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/SubscriptionDetails/subscriptionDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/dataGrid/dataGrid.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/searchFilter/searchFilter.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/WorkflowDetails/WorkerView.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/InsightDetails/insightview.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tabs.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tab/tab.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/Backdrop/Backdrop.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/modal/modal.css
GEThttps://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/js/production.js?v=1234
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/index.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/steal/steal.production.js?production/production.js?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/commons.bundle.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Regular.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Regular.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.css
HEADhttps://abo-gallery.qa.bnymellon.net/gallery/?_=1664990169214
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/config/timezones/?_=1664990169215
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/apps/tags/
GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/polyfills/form.input.number.range.polyfill.js?_=1664990169216
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/navigation/?_=1664990169220
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/contentHeader.bundle.js?_=1664990169225
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/images/bannerimages/?_=1664990169228
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Bold.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/entypo/entypo.woff
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/montserrat/Montserrat-ExtraBold.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/apps/gallery/?search=&limit=12&offset=0&sortField=dateMadePublic&direction=desc&packageType=&_=1664990169230
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Bold.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/entypo/entypo.woff
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/montserrat/Montserrat-ExtraBold.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/img/loading-circle.gif
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/IePolyfillPageContainer.js?_=1664990169233
GEThttps://abo-gallery.qa.bnymellon.net/aas/connect/authorize?nonce=efb243e8-491c-4b2f-88a7-775832b16dc3&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6&client_id=alteryx&redirect_uri=https%3A%2F%2Fabo-gallery.qa.bnymellon.net%2Fgallery%2F%23!sso%2F%3F&response_type=id_token%20token&scope=openid%20alteryxApi
GEThttps://abo-gallery.qa.bnymellon.net/aas/login?signin=fa96c28f77975b74cd2f48ece5822a68
GEThttps://abo-gallery.qa.bnymellon.net/aas/external?provider=SAML2&signin=fa96c28f77975b74cd2f48ece5822a68
GEThttps://fsso.qa.bnymellon.net/affwebservices/public/saml2sso?SAMLRequest=lZFPSwMxEMXvhX6HkHs3f9xWDG1hsZdCvbTqobdJzNqFbLLNZNV%2Be%2BNW0YIIXmfe7817zByhdbJTVZ8OfmuPvcVE3lrnUZ03C9pHrwJgg8pDa1Elo3bV3UbJgqsuhhRMcPQn8zcCiDamJnhK1qsFbZ5m2mp5xUXNTV1yAzelBCjrqSwFF1PQlDzaiBlY0MxnCrG3a48JfMojLuVE8Amf3otrJWZKyD0lq1yj8ZAG6pBSh4qxGjEURyi0P7XWueALbxODun61Omd6aYxF1vXaNYYNRbKekuor723w2Lc27s7Sh%2B3m2xp0mDyDczaefrkAyHYffqwySJfjESHzwV8NVeLyfy5zdgGPR5%2BDyycu3wE%3D&RelayState=fmBV4HxKAjq5KSneX8jXwPFJ
POSThttps://abo-gallery.qa.bnymellon.net/aas/Saml2/Acs
GEThttps://abo-gallery.qa.bnymellon.net/aas/callback
GEThttps://abo-gallery.qa.bnymellon.net/aas/connect/authorize?nonce=efb243e8-491c-4b2f-88a7-775832b16dc3&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6&client_id=alteryx&redirect_uri=https%3A%2F%2Fabo-gallery.qa.bnymellon.net%2Fgallery%2F%23!sso%2F%3F&response_type=id_token%20token&scope=openid%20alteryxApi
GEThttps://abo-gallery.qa.bnymellon.net/gallery/#!sso/?id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2Fiby1nYWxsZXJ5LnFhLmJueW1lbGxvbi5uZXQvYWFzIiwiYXVkIjoiYWx0ZXJ5eCIsImV4cCI6MTY2NDk5MDQ3MywibmJmIjoxNjY0OTkwMTczLCJub25jZSI6ImVmYjI0M2U4LTQ5MWMtNGIyZi04OGE3LTc3NTgzMmIxNmRjMyIsImlhdCI6MTY2NDk5MDE3MywiYXRfaGFzaCI6Ind0ejdrRng4cXlSSUNkSDE3eThTOGciLCJzdWIiOiI5YzQwZDkyZThjMDMzMDI4ZDFlODc1ZGJiMDRhZjhkNyIsImF1dGhfdGltZSI6MTY2NDk5MDE3MywiaWRwIjoiU0FNTDIiLCJhbXIiOlsiZXh0ZXJuYWwiXX0.66SXhR85JL5vYuVG4CXRh8srWNGogR51SIIU8dfkuiM&access_token=30c9a358a38dbae2a4dd48e174e8fb22&token_type=Bearer&expires_in=30&scope=openid%20alteryxApi&state=50ea219a-ba0d-4b59-8eba-037972f7ccf6
GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/modernizr/modernizr.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/user-generated.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.header.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/cloud.footer.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/css/production.css?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/styles.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/collectionDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/collections/components/css/CollectionsList.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/UserDetails/UserDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/SubscriptionDetails/subscriptionDetails.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/dataGrid/dataGrid.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/searchFilter/searchFilter.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/WorkflowDetails/WorkerView.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/collectionDetails/components/InsightDetails/insightview.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tabs.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/tabs/tab/tab.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/Backdrop/Backdrop.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/common/modal/modal.css
GEThttps://maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/JSMap/js/production.js?v=1234
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/index.css
GEThttps://abo-gallery.qa.bnymellon.net/gallery/steal/steal.production.js?production/production.js?v=12345
GEThttps://abo-gallery.qa.bnymellon.net/gallery/ServerUI/dist/server-ui-common.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/js/ReactComponents/output/commons.bundle.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/lato/Lato-Regular.woff2
GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.js
GEThttps://abo-gallery.qa.bnymellon.net/gallery/production/production.css
HEADhttps://abo-gallery.qa.bnymellon.net/gallery/?_=1664990174357
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/config/timezones/?_=1664990174358
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/apps/tags/
GEThttps://abo-gallery.qa.bnymellon.net/gallery/lib/polyfills/form.input.number.range.polyfill.js?_=1664990174359
GEThttps://abo-gallery.qa.bnymellon.net/gallery/api/navigation/?_=1664990174363
POSThttps://abo-gallery.qa.bnymellon.net/aas/api/sessions
GEThttps://abo-gallery.qa.bnymellon.net/gallery/css/mon
{
"method": "POST",
"url": https://abo-gallery.qa.bnymellon.net/aas/api/sessions,
"requestId": "8067",
"requestHeaders": [
{
"name": "sec-ch-ua",
"value": "\"Chromium\";v=\"106\", \"Google Chrome\";v=\"106\", \"Not;A=Brand\";v=\"99\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "Authorization",
"value": "Bearer 30c9a358a38dbae2a4dd48e174e8fb22"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
},
{
"name": "Accept",
"value": "*/*"
},
{
"name": "cache-control",
"value": "no-cache"
},
{
"name": "X-Requested-With",
"value": "XMLHttpRequest"
},
{
"name": "sec-ch-ua-platform",
"value": "\"Windows\""
},
{
"name": "Origin",
"value": https://abo-gallery.qa.bnymellon.net
},
{
"name": "Sec-Fetch-Site",
"value": "same-origin"
},
{
"name": "Sec-Fetch-Mode",
"value": "cors"
},
{
"name": "Sec-Fetch-Dest",
"value": "empty"
},
{
"name": "Referer",
"value": https://abo-gallery.qa.bnymellon.net/gallery/
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br"
},
{
"name": "Accept-Language",
"value": "en-US,en;q=0.9"
},
{
"name": "Cookie",
"value": "SignInMessage.aea55ccab02de24d5e6c9bee0e0a3764={hash:0551b5e06bc0419ba26e15fdcfe5aa8a2497b1672627dd06338cb6bbafa1d656}; idsvr.session={hash:f2d5d5d8f034a2a30e1e51bcb4fc214981577a3bbcf58e4107e5159ae47d6dfd}; idsrv={hash:0caa0401ca5face606ceec16897cfb18432a4e0fb981395949b9ef692bf2c453}; _ga={hash:a46f6c24582cfc47b310bc981bac62afd1220daa578f606f02f35ee608eb3536}; _gid={hash:eb29ab732ba7536fd2116590808d70b8424e6fadc0d811a2bcbb8fc76846fca2}; smauthstatus={hash:5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9}; Saml2.x0kqPq1ZJyhgGCSqyxabhq6p={hash:9e50858f90934675c11aac7de9bdb4352b8f2b70a91d927d7132dc747e289c3f}; subscriptionRemoval={hash:b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b}; SMSESSION={hash:0cfa69d4a638e6333bfac8f9b3e7a1660d0139a5a2a631d7ad99065a22be1f8b}"
}
],
"responseStatus": 404,
"responseStatusText": "HTTP/1.1 404 Not Found",
"responseHeaders": [
{
"name": "Content-Length",
"value": "43"
},
{
"name": "Content-Type",
"value": "application/json; charset=utf-8"
},
{
"name": "Server",
"value": "Microsoft-HTTPAPI/2.0"
},
{
"name": "Access-Control-Allow-Origin",
"value": "*"
},
{
"name": "Date",
"value": "Wed, 05 Oct 2022 17:16:14 GMT"
}
]
},