Bug: Unable to log in after configuring SSO #891
Comments
|
{"http_status":401,"timestamp":"2024-09-30T15:39:17.865591119Z","request_id":"0009dd20-7f2e-4ff8-b90e-815e80e15e11","errors":[{"context":"","message":"authentication is invalid"}]} |
sunesra
changed the title
StephenHinck
changed the title
|
Hi @sunesra - can you please provide additional log details? Before the "Authentication is invalid" line, you should see additional information about SAML lookups, identified fields, etc. Please include those in your report. A SAML trace report would also be incredibly helpful to troubleshoot. |
|
I just uploaded Tracer logs. |
|
Hi @sunesra - those look like the headers in the HTTP calls, however do not include the SAML assertion information. Your API logs will indicate what attributes were parsed from the assertion. As a general item of information, this page https://support.bloodhoundenterprise.io/hc/en-us/articles/9228122981275-SAML-in-BloodHound is super helpful for configuring SAML. Usually, the problem folks run into is not including one of the two supported attributes in the assertion (http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress OR urn:oid:0.9.2342.19200300.100.1.3), and mapping the user's email address to that field. You should then match that to the email field in BloodHound. |
|
Hello, Can you guide us what steps we can take to move this further? |
|
We are having similar error message (#83) |
|
@sunesra would you please provide the API logs - if you don't have an active terminal, One note based on a hunch from what others have experienced in the past, make sure you've granted appropriate system resources to Docker to run BloodHound: https://github.com/SpecterOps/BloodHound?tab=readme-ov-file#system-requirements. Error 137 from Docker indicates that the container attempted to use more memory than was allocated, and this commonly happens on authentication (due to the Argon2 key derivation algorithm used by BloodHound). |
|
|
|
Logs provided in the SS |
|
Closing this as a duplicate of #83 |
|
We will have improved documentation for deploying SAML coming out shortly. Our team has an ongoing effort in the area of SSO and will include that documentation (and review #83) as part of that effort. |
|
Hello Stephen Hinck, You mean that we have some bug on BloodHound side? |
|
@sunesra - I closed this issue as, from what I can tell from your logs, it's a duplicate reporting of #83 where you're not clear how to configure the certificates for SAML and getting an error for the product's inability to decode the certificate provided. Our team is working on adding OIDC support and I have asked them to document the SAML deployment as part of this effort. They will close out #83 when that's completed. |
Description:
A clear and concise description of the bug you're encountering.
Are you intending to fix this bug?
Please indicate "yes" or "no".
Component(s) Affected:
Steps to Reproduce:
Expected Behavior:
A description of what you expected to happen.
Actual Behavior:
A description of what actually happened.
Screenshots/Code Snippets/Sample Files:
If applicable, add screenshots, relevant code snippets, or sample files that help illustrate the issue.
Environment Information:
BloodHound: [BloodHound version or revision]
Collector: [SharpHound version / AzureHound version]
OS: [your OS and version]
Browser (if UI related): [browser name and version]
Node.js (if UI related: [Node.js version]
Go (if API related): [Go version]
Database (if persistence related): [Neo4j version / PostgreSQL version]
Docker (if using Docker): [docker version]
Additional Information:
Any additional context or information that might be helpful in understanding and diagnosing the issue.
Potential Solution (optional):
If you have any ideas about what might be causing the issue or how it could be fixed, you can share them here.
Related Issues:
If you've found related issues in the project's issue tracker, mention them here.
Contributor Checklist:
The text was updated successfully, but these errors were encountered: