[saml] Signature missing for assertion
See original GitHub issueIssue Summary
I want to config redash use keycloak as SAML backend, now I can redirect to keycloak login page and can login success, but when keycloak redirect back to redash, I got error message below:
[2018-10-17 11:49:22,787][PID:21][INFO][saml2.response] status: <?xml version='1.0' encoding='UTF-8'?>
<ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status>
[2018-10-17 11:49:22,788][PID:21][ERROR][saml2.client_base] XML parse error: Signature missing for assertion
[2018-10-17 11:49:22,788][PID:21][ERROR][saml_auth] Failed to parse SAML response
Traceback (most recent call last):
File "/app/redash/authentication/saml_auth.py", line 73, in idp_initiated
entity.BINDING_HTTP_POST)
File "/usr/local/lib/python2.7/dist-packages/saml2/client_base.py", line 702, in parse_authn_request_response
binding, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/saml2/entity.py", line 1170, in _parse_response
response = response.verify(keys)
File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 1018, in verify
if self.parse_assertion(keys):
File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 930, in parse_assertion
if not self._assertion(assertion, False):
File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 781, in _assertion
raise SignatureError("Signature missing for assertion")
SignatureError: Signature missing for assertion
My SAML config is something look like this: SAML Metadata URL
http://xxx.xxx.xxx.xxx/auth/realms/somerelm/protocol/saml/descriptor
SAML Entity ID
redash
SAML NameID Format
urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Steps to Reproduce
- first install latest redash from docker compose
- config like the config above
Technical details:
- Redash Version:5.0.0+b4754
- Browser/OS:chrome
- How did you install Redash:docker compose
Issue Analytics
- State:
- Created 5 years ago
- Comments:14 (1 by maintainers)
Top Results From Across the Web
SAML response signiture missing - Stack Overflow
I am trying to implement SAML2 SSO, I am getting an error saml2.sigver.SignatureError: Signature missing for response .
Read more >SAML Response Assertion signature validation failed.
SAML Response Assertion signature validation failed. Hi. We was configured Azure how identity provider to GSuite accounts.
Read more >Received invalid SAML response: Signature validation failed ...
The SAML module that Confluence is using is expecting only the assertion portion of the SAML response to be signed.
Read more >SAML response signature is missing. - Shibboleth Consortium
I learned this the hard way, but some providers don't return signature in the assertion response. If it stared happening without you making ......
Read more >SAML Authentication failing after upgrade from 4.2.x to 4.3+
SignatureError : Signature missing for response ... 2018-10-03 13:57:41,539 INFO P1 90347 Thread-12 Invalid or malformed SAML Assertion.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@thiagodiogo Of course!
FIrst, you should make sure keep your SAML enabled, and fill with these values:
SAML Metadata URL http://your.domain.com/auth/realms/${realmid}/protocol/saml/descriptor
SAML Entity ID redash
SAML NameID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Second, add a client named redash in keycloak with below configure:
That’s all!
@arikfr I’ve submitted PR with this documentation improvement https://github.com/getredash/website/pull/567 and I restyle the doc that was specified by Restyled.io bot Could you please take a look? Thanks in advance