Hello,
Keep getting 404.0 error when using Azure AD SSO, SAML authentication.
Other than adding 'whiltelist.alteryx.com' to trusted sources on our side, would there have to be any IP added to the Alteryx Whitelist?
All other settings/configurations are based on our existing server, which works. Ports are open for http, https and mongoDB. Trying to figure out the last piece.
Built in and Microsoft Authentications work, but just not SAML.
ADDED: Here is the authentication log entry that seems to be the point of failure.
'2023-09-25 00:26:04.880 -04:00 [Information] Configuring IdSvr.
2023-09-25 00:26:04.974 -04:00 [Warning] AuthorizationCodeStore not configured - falling back to InMemory
2023-09-25 00:26:04.974 -04:00 [Warning] TokenHandleStore not configured - falling back to InMemory
2023-09-25 00:26:04.974 -04:00 [Warning] ConsentStore not configured - falling back to InMemory
2023-09-25 00:26:04.974 -04:00 [Warning] RefreshTokenStore not configured - falling back to InMemory
20
'
Thank you,
rdt
Hey @tothd ,
Your IDP URL and Metadata must be accessible from the Alteryx Server machine. Check if you can reach both from your Server's internet browser.
Here is more about SAML: https://community.alteryx.com/t5/Engine-Works/Alteryx-Architectures-SAML-SSO-Authentication/ba-p/895...
Double-check if everything was configured properly: https://knowledge.alteryx.com/index/s/article/Configuring-SAML-2-0-on-Alteryx-Server-for-Azure-AD
Best,
Fernando Vizcaino
hi @tothd
As @fmvizcaino wrote, please refer to the articles. Basically, you have to closely coordinate with your IT team (Azure admin) to complete the setup with the SAML config.
For your info, I'll share my experience with SAML auth in Alteryx Server. In order to use SAML, Alteryx Server shall use a TLS/SSL connection, https (443), not http (80), to establish a connection with Azure (IDP). This can be a typical pitfall if you run the machine within a VPN environment (normally using http (80)). If you have not done so yet, please change it to https first.
Hello,
This particular issue was being caused by the wrong port being bound to the certificate. Binding to port 443 solved this one.
Thank you,
rdt
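
One way to check for the certificate-to-port mismatch described in the last post, as an added example that is not part of any post in this thread. It assumes the Server's HTTPS certificate is an HTTP.sys binding listed by `netsh http show sslcert` with English-language labels; the function names `Get-SslBinding` and `Test-HttpsBinding` are hypothetical, and the sample output is constructed with placeholder hash and GUID values.

```powershell
# Constructed sample of `netsh http show sslcert` output (placeholder hash and GUID).
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:8443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
'@

# Parse each binding block into an object with its endpoint, port and certificate hash.
function Get-SslBinding {
    param([string]$NetshText)
    $bindings = @()
    $current = $null
    foreach ($line in $NetshText -split "`r?`n") {
        if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)\s*$') {
            $endpoint = $Matches[2]
            $current = [pscustomobject]@{
                Endpoint = $endpoint
                Port     = [int]($endpoint -replace '^.*:', '')  # text after the last colon
                CertHash = $null
            }
            $bindings += $current
        }
        elseif ($current -and $line -match '^\s*Certificate Hash\s*:\s*(\S+)') {
            $current.CertHash = $Matches[1]
        }
    }
    return $bindings
}

# Report whether any certificate is bound on the port the SAML endpoints use.
function Test-HttpsBinding {
    param([string]$NetshText, [int]$ExpectedPort = 443)
    $bindings = @(Get-SslBinding -NetshText $NetshText)
    $hit = @($bindings | Where-Object { $_.Port -eq $ExpectedPort })
    if ($hit.Count -gt 0) {
        "OK: certificate $($hit[0].CertHash) is bound on $($hit[0].Endpoint)"
    } else {
        $ports = ($bindings | ForEach-Object { $_.Port }) -join ', '
        "MISMATCH: no certificate bound on port $ExpectedPort (bound ports: $ports)"
    }
}

Test-HttpsBinding -NetshText $sample
# On the server itself: Test-HttpsBinding -NetshText (netsh http show sslcert | Out-String)
```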