SAML integration error

Archives AWX Project
1

Hi,

I’m currently trying to implement SAML on AWX 1.0.3 in the IdP-initiated mode.

This is the current configuration:

  • AWX is behind a RP

  • ACS URL: https://10.203.12.139:8443/sso/metadata/saml/

  • Entity ID : aia-01

  • SAML Enabled IDP:{

    “my IdP”: {

    “url”: “https://idp_host/affwebservices/public/saml2sso?SPID=aia-01&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST”,

    “entity_id”: “https://idp_host”,

    “attr_user_permanent_id”: “User.surname”,

    “x509cert”: “xxxxxxxxx” }}

When I request access to AWX via the IdP link, the browser receives the following SAML response from the IdP:

https://idp_host xxxxxxx xxxxxxx xxxxxxx https://idp_host xxx@xxxxx.com aia-01 urn:oasis:names:tc:SAML:2.0:ac:classes:Password xxxxxxx xxxxxxx

However when this response is posted to AWX, I get the following error in awx_web container logs : 2018-06-07 14:01:09,395 ERROR social “‘RelayState’”.

686×683 45 KB

Is something missing in the SAML response sent by the IdP ??

Thank you.

2

image.png766×397 94.9 KB

The RelayState is passed to the IDP in the first GET request i.e. https://ansible-redhat-dev.onelogin.com/trust/saml2/http-post/sso/721709?SAMLRequest=<base_64_stuff_here>&RelayState=westidp
In the POST reply the relay state should be included in the payload ie. RelayState: westidp

In your case RelayState should be RelayState: my IdP

(attachments)

Auto Generated Inline Image 1.png
Auto Generated Inline Image 1.png686×683 45 KB

3

I add the ReplayState to the first get as follow: https://idp_host/affwebservices/public/saml2sso?SPID=aia-01&ProtocolBinding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=my IdP and it is included in the post to AWX. However I get the same error

Should I append the ReplayState=my idp to URL in the SAML Enabled IDP ?

(attachments)

Auto Generated Inline Image 1.png
Auto Generated Inline Image 1.png686×683 45 KB

image.png
image.png766×397 94.9 KB