Ansible AWX SAML integration with Azure

Hi,

I am trying to configure Azure SAML for Ansible AWX. I followed all the steps mentioned in the document below:

https://access.redhat.com/solutions/3889291

When I click on the SAML Azure icon, it gives the error below:

AADSTS50011: The reply URL ‘http://ansible.example.io/sso/complete/saml/’ specified in the request does not match the reply URLs configured for the application ‘https://ansible.example.io’. Make sure the reply URL sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/urlMismatchError to learn more about how to fix this.

The reply URL in Azure is set to the SAML Assertion Consumer Service (ACS) URL, which is https://ansible.example.io/sso/complete/saml/. The entity ID in Azure is set to the entity ID configured in AWX, which is https://ansible.example.io

I see that when it connects to SSO, the URL is http and not https (as shown in the error). The ACS URL however is https in AWX. Not sure if that is causing the problem.

AWX Operator version

0.24.0

AWX version

21.3.0

Kubernetes/Platform version 1.21

Am I missing any configuration?

Thanks for the help.

Hi,

Trying to check if anyone else has got the same error, or if anyone has succeeded in establishing Azure SAML. If so, please share the steps.

Thanks

I finally got a solution for this. Based on the article below, Ansible AWX expects to find X-Forwarded-For, X-Forwarded-Port and X-Forwarded-Proto in the load balancer headers.

https://access.redhat.com/solutions/4004231

I am using an AWS Classic Load Balancer for Ansible AWX and, as per the article below, only HTTPS with an HTTP backend protocol supports the above configuration.

https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-elb-listenerconfig-quickref.html

After changing the front-end protocol to HTTPS and the backend protocol to HTTP in the LB listener configuration, the issue got resolved. Nginx was able to read the X-Forwarded-Port and direct it to the correct URL.
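
A way to check for the mismatch discussed in this thread, added here as an example and not taken from any of the posts: decode the `SAMLRequest` parameter of the redirect sent to the identity provider (HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding) and compare its `AssertionConsumerServiceURL` with the reply URL registered in Azure. The IdP address `https://idp.example/saml2`, the minimal AuthnRequest and all function names are constructed for illustration; in practice the redirect URL would be copied from the browser's network trace.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def acs_from_redirect(redirect_url):
    """Extract AssertionConsumerServiceURL from an HTTP-Redirect SAMLRequest."""
    query = parse_qs(urlsplit(redirect_url).query)
    deflated = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(deflated, -15)  # binding uses raw DEFLATE, no zlib header
    root = ET.fromstring(xml)  # only feed this your own service provider's request
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("SAMLRequest is not an AuthnRequest")
    return root.attrib["AssertionConsumerServiceURL"]

def reply_url_mismatches(sent, registered):
    """List the URL components in which the sent ACS URL differs from the registered one."""
    s, r = urlsplit(sent), urlsplit(registered)
    found = []
    if s.scheme != r.scheme:
        found.append("scheme: sent %s, registered %s" % (s.scheme, r.scheme))
    if s.netloc.lower() != r.netloc.lower():
        found.append("host: sent %s, registered %s" % (s.netloc, r.netloc))
    if s.path != r.path:
        found.append("path: sent %s, registered %s" % (s.path, r.path))
    return found

def build_sample_redirect(acs_url):
    """Constructed sample: a minimal redirect as a service provider would send it."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" Version="2.0" '
           'AssertionConsumerServiceURL="%s"/>' % (SAMLP, acs_url)).encode()
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(c.compress(xml) + c.flush()).decode()
    return "https://idp.example/saml2?SAMLRequest=" + quote(packed, safe="")

# Values from the error message in the first post: http was sent, https is registered.
REGISTERED = "https://ansible.example.io/sso/complete/saml/"
SAMPLE = build_sample_redirect("http://ansible.example.io/sso/complete/saml/")

if __name__ == "__main__":
    sent = acs_from_redirect(SAMPLE)
    print("ACS URL in request:", sent)
    for line in reply_url_mismatches(sent, REGISTERED) or ["reply URL matches"]:
        print(line)
```

A scheme-only difference, as in the sample, points at the proxy or load balancer layer in front of the application rather than at the Azure application registration.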