Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[saml] Signature missing for assertion

See original GitHub issue

Issue Summary

I want to config redash use keycloak as SAML backend, now I can redirect to keycloak login page and can login success, but when keycloak redirect back to redash, I got error message below：

[2018-10-17 11:49:22,787][PID:21][INFO][saml2.response] status: <?xml version='1.0' encoding='UTF-8'?>
<ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status>
[2018-10-17 11:49:22,788][PID:21][ERROR][saml2.client_base] XML parse error: Signature missing for assertion
[2018-10-17 11:49:22,788][PID:21][ERROR][saml_auth] Failed to parse SAML response
Traceback (most recent call last):
  File "/app/redash/authentication/saml_auth.py", line 73, in idp_initiated
    entity.BINDING_HTTP_POST)
  File "/usr/local/lib/python2.7/dist-packages/saml2/client_base.py", line 702, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/saml2/entity.py", line 1170, in _parse_response
    response = response.verify(keys)
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 1018, in verify
    if self.parse_assertion(keys):
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 930, in parse_assertion
    if not self._assertion(assertion, False):
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 781, in _assertion
    raise SignatureError("Signature missing for assertion")
SignatureError: Signature missing for assertion

My SAML config is something look like this: SAML Metadata URL

http://xxx.xxx.xxx.xxx/auth/realms/somerelm/protocol/saml/descriptor

SAML Entity ID

redash

SAML NameID Format

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Steps to Reproduce

first install latest redash from docker compose
config like the config above

Technical details:

Redash Version:5.0.0+b4754
Browser/OS:chrome
How did you install Redash:docker compose

Issue Analytics

State:
Created 5 years ago
Comments:14 (1 by maintainers)

Top GitHub Comments

22reactions

rockxsjcommented, Oct 24, 2018

@thiagodiogo Of course!

FIrst, you should make sure keep your SAML enabled, and fill with these values:

SAML Metadata URL http://your.domain.com/auth/realms/${realmid}/protocol/saml/descriptor

SAML Entity ID redash

SAML NameID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Second, add a client named redash in keycloak with below configure:

That’s all!

1reaction

iamtodorcommented, Apr 30, 2021

@arikfr I’ve submitted PR with this documentation improvement https://github.com/getredash/website/pull/567 and I restyle the doc that was specified by Restyled.io bot Could you please take a look? Thanks in advance