Debug SAML Auth on AWX

My Setup
All running on one RHEL server
Kubernetes: Rancher
Install Method: Rancher + AWX-Operator 2.7.2 using Kustomize
External Access: NGINX Installed on the same RHEL server to proxy external connections on HTTPS to the awx_web pod

What’s Wrong
I cannot get SAML to work. My SSO team has set up the SSO portion of the SAML login.
I set up the SAML settings in Settings->Authentication->SAML Settings.
I have the SSO Login button on the login page.
When I click the SSO button on the login page:

  1. I get forwarded to the SSO URL
  2. SSO sends me through the SAML login process
  3. SSO forwards me back to my https://awx/sso/complete/saml/ URL
  4. My AWX forwards me to /sso/error

When I use kubectl logs to watch the awx_web pod logs, the only error I see is "ERROR … Social: ‘RelayState’". I cannot figure out how to do any real debugging on this issue to point me in the right direction to get this working.

Does anyone have any pointers or tips?
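
Since the only log line names `RelayState`, one place to start is the form POST that the IdP sends back to `/sso/complete/saml/` in step 3. The following is an added example, not part of the original post and not AWX code: it reports whether that POST carries a `RelayState` field and shows the Destination, Issuer, status and Audience values from the decoded `SAMLResponse`, so they can be compared with the AWX SAML settings. It assumes the form body was copied from the browser's network tab; the function name, host names and sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_acs_post(body: str) -> dict:
    """Summarise the form body an IdP posts back to /sso/complete/saml/."""
    form = parse_qs(body, keep_blank_values=True)
    report = {"relay_state": form.get("RelayState", [None])[0],
              "has_saml_response": "SAMLResponse" in form}
    if not report["has_saml_response"]:
        return report
    xml = base64.b64decode(form["SAMLResponse"][0])
    # Debug helper only: it does not verify signatures, and it refuses DTDs.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML response; refusing to parse")
    root = ET.fromstring(xml)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report.update(
        destination=root.get("Destination"),
        issuer=root.findtext(".//saml:Issuer", namespaces=NS),
        status=status.get("Value") if status is not None else None,
        audiences=[a.text for a in root.iterfind(".//saml:Audience", NS)],
    )
    return report

# Constructed sample response (unsigned, hypothetical hosts), for illustration.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Destination="https://awx.example.test/sso/complete/saml/">'
    '<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>'
    '<samlp:Status><samlp:StatusCode '
    'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
    '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>https://awx.example.test</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
    '</samlp:Response>')
ENCODED = base64.b64encode(SAMPLE_XML.encode()).decode()
BODY_OK = urlencode({"SAMLResponse": ENCODED, "RelayState": "example-idp"})
BODY_NO_RELAY = urlencode({"SAMLResponse": ENCODED})

if __name__ == "__main__":
    for name, body in (("with RelayState", BODY_OK), ("without", BODY_NO_RELAY)):
        print(name, inspect_acs_post(body))
```

A captured body contains a signed assertion with user attributes, so treat it as sensitive and keep it out of tickets and chat.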

Running into the same issue on version 2.4.0. I am wondering if it's related to the way my service is set up. Were you able to find a solution or a way to output better logs? How are you generating your cert/key that SAML requires? Self-signed?

In my instance, I had the wrong name configured in my SAML config. I’m not in office at the moment, but I can check when I get back in office on Monday.

I used the same cert and key for the SSO config that I used for the web interface, which is a cert signed by a trusted CA.


Can you tell me what you mean by “name in the SAML config”? I’m having a similar issue and don’t get much at all in the web logs other than I get forwarded to /sso/error