Debug SAML Auth on AWX

My Setup
All running on one RHEL server
Kubernetes: Rancher
Install Method: Rancher + AWX-Operator 2.7.2 using Kustomize
External Access: NGINX Installed on the same RHEL server to proxy external connections on HTTPS to the awx_web pod

What’s Wrong
I cannot get SAML to work. My SSO team has setup the SSO portion of the SAML login.
I setup the SAML settings in Settings->Authentication->SAML Settings.
I have the SSO Login button on the login page.
When I click the SSO button on the login page:

  1. I get forwarded to the SSO URL
  2. SSO Sends me through the SAML login process
  3. SSO forwards me back to my https://awx/sso/complete/saml/ URL
  4. My AWX forwards me to /sso/error

When I use kubectl logs to watch the awx_web pod logs, the only error I see is "ERROR … Social: ‘RelayState’. I cannot figure out how to do any real debugging on this issue to point me in the right direction to get this working.

Does anyone have any pointers or tips?

Running into the same issue on version 2.4.0. I am wondering if its related to the way my service is set up. Were you able to find a solution or a way to output better logs ? How are you generating your cert/key that saml requires? self signed?

In my instance, I had the wrong name configured in my SAML config. I’m not in office at the moment, but I can check when I get back in office on Monday.

I used the same cert and key for the SSO config that I used for Web interface, which is a cert signed by a trusted ca.

1 Like