SSO redirect not happening
Hello,

I read the document https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/auth-method..., configured the following additional properties in /etc/rhn/rhn.conf and executed `spacewalk-service restart`:

```
### custom
java.sso = true
java.sso.onelogin.saml2.sp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://uyuni.example.com/rhn/manager/sso/acs
java.sso.onelogin.saml2.sp.single_logout_service.url = https://uyuni.example.com/rhn/manager/sso/sls
java.sso.onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----
java.sso.onelogin.saml2.idp.single_sign_on_service.url = https://sso.example.com/realms/dev/protocol/saml
java.sso.onelogin.saml2.idp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
java.sso.onelogin.saml2.idp.single_logout_service.url = https://sso.example.com/realms/dev/protocol/saml
```

The linked documentation states "When you visit the Uyuni URL, you are redirected to the IdP for SSO where you are requested to authenticate.", but this does not seem to be the case on my end - opening web UI presents me with the regular/local login page - no redirect to my IDP is happening. The system journal does not seem to show anything "new" either.

Any ideas on what I am missing? This is a fresh stable installation.

Thanks for reading!
Georg
Update: Apparently the respective output does not happen in the system journal, but in /var/log/rhn/rhn_web_ui.log, where I was informed about an issue with my certificate. After resolving this, I got a bit further. The redirect _to_ the IDP is working now... but after the successful authentication with my SSO it redirects back to a Uyuni page saying

...
Page Not Found
The page you requested, /manager/sso/acs, was not found.
...

In the browser console are two "CORS failed" entries, unsure if relevant:

- /front-log
- /login?url_bounce=/rhn/manager/frontend-log&request_method=POST

I found https://github.com/SUSE/spacewalk/issues/11024#issuecomment-605054163 and seem to have configured it 1:1 now.. but again, I am likely missing something else...

On 9/29/22 02:09, Georg Pfuetzenreuter via Uyuni Users wrote:
Hello,
I read the document https://www.uyuni-project.org/uyuni-docs/en/uyuni/administration/auth-method..., configured the following additional properties in /etc/rhn/rhn.conf and executed `spacewalk-service restart`:
```
### custom
java.sso = true
java.sso.onelogin.saml2.sp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://uyuni.example.com/rhn/manager/sso/acs
java.sso.onelogin.saml2.sp.single_logout_service.url = https://uyuni.example.com/rhn/manager/sso/sls
java.sso.onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----\n<redacted>\n-----END CERTIFICATE-----
java.sso.onelogin.saml2.idp.single_sign_on_service.url = https://sso.example.com/realms/dev/protocol/saml
java.sso.onelogin.saml2.idp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
java.sso.onelogin.saml2.idp.single_logout_service.url = https://sso.example.com/realms/dev/protocol/saml
```
The linked documentation states "When you visit the Uyuni URL, you are redirected to the IdP for SSO where you are requested to authenticate.", but this does not seem to be the case on my end - opening web UI presents me with the regular/local login page - no redirect to my IDP is happening. The system journal does not seem to show anything "new" either.
Any ideas on what I am missing? This is a fresh stable installation.
Thanks for reading! Georg
On 29/09/2022, at 04:23, Georg Pfuetzenreuter via Uyuni Users wrote:
The redirect _to_ the IDP is working now... but after the successful authentication with my SSO it redirects back to a Uyuni page saying
... Page Not Found The page you requested, /manager/sso/acs, was not found.
Can you please share:
1. `grep java.sso /etc/rhn/rhn.conf` (redact all sensitive data before sharing)
2. `cat /var/log/rhn/rhn_web_ui.log`
Thanks
--
Michele Bologna
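
Added example, not part of the original thread and not Uyuni's own code: one way to produce the redacted `java.sso` listing requested above and run a few generic SAML sanity checks on it before posting. The sample config is constructed from the key names posted in the thread; treating keys that end in `x509cert` or `privatekey` as the sensitive ones is an assumption, and the checks are not a diagnosis of the 404 reported here.

```python
P = "java.sso.onelogin.saml2."
REQUIRED = ["sp.entityid", "sp.assertion_consumer_service.url",
            "idp.entityid", "idp.single_sign_on_service.url", "idp.x509cert"]

# Constructed sample: keys and example.com URLs as in the thread; cert body is a placeholder.
SAMPLE = """java.sso = true
java.sso.onelogin.saml2.sp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
java.sso.onelogin.saml2.sp.assertion_consumer_service.url = https://uyuni.example.com/rhn/manager/sso/acs
java.sso.onelogin.saml2.idp.x509cert = -----BEGIN CERTIFICATE-----\\nMIIBplaceholder\\n-----END CERTIFICATE-----
java.sso.onelogin.saml2.idp.single_sign_on_service.url = https://sso.example.com/realms/dev/protocol/saml
java.sso.onelogin.saml2.idp.entityid = https://uyuni.example.com/rhn/manager/sso/metadata
"""

def parse_sso(text):
    """Return the java.sso* properties of an rhn.conf-style text as a dict."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and (key == "java.sso" or key.startswith("java.sso.")):
            props[key] = value.strip()
    return props

def redact(props):
    """Copy of props with certificate/key material replaced (suffix list is an assumption)."""
    return {k: "<redacted>" if k.endswith(("x509cert", "privatekey")) else v
            for k, v in props.items()}

def check(props):
    """Return a list of findings; an empty list means nothing obvious was found."""
    issues = []
    if props.get("java.sso", "").lower() != "true":
        issues.append("java.sso is not true")
    for name in REQUIRED:
        if not props.get(P + name):
            issues.append("missing " + P + name)
    cert = props.get(P + "idp.x509cert", "")
    if cert and not (cert.startswith("-----BEGIN CERTIFICATE-----")
                     and cert.endswith("-----END CERTIFICATE-----")):
        issues.append("idp.x509cert lacks PEM BEGIN/END markers")
    sp, idp = props.get(P + "sp.entityid"), props.get(P + "idp.entityid")
    if sp and sp == idp:  # a SAML entity ID names one entity, so SP and IdP normally differ
        issues.append("sp.entityid and idp.entityid are identical")
    return issues

if __name__ == "__main__":
    props = parse_sso(SAMPLE)
    print("\n".join(f"{k} = {v}" for k, v in redact(props).items()))
    print("\n".join("CHECK: " + i for i in check(props)))
```

To run it against a real server, pass the contents of /etc/rhn/rhn.conf to `parse_sso` instead of `SAMPLE`.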
participants (2)
- Georg Pfuetzenreuter
- Michele Bologna