By: Darrell Breeden user 18 Jan 2021 at 8:29 a.m. CST

5 Responses
## Summary

Gluu 4.2 is deployed into Kubernetes and is working fine for traditional authentication. SAML provider is added to gluu-passport for our Okta provider. `passport_saml` successfully initiates the login with Okta, but after the login at Okta is handed back to passport, an error is generated.

## Expected Behavior

User would have been mapped, created in gluu and logged in

## Actual Behavior

`An error has occurred` along with:

```
2021-01-15T16:55:14.574Z [ERROR] Unknown Error: TypeError: Cannot read property 'RelayState' of undefined
2021-01-15T16:55:14.574Z [ERROR] TypeError: Cannot read property 'RelayState' of undefined
    at Object.process (/opt/gluu/node/passport/server/idp-initiated.js:94:25)
    at processIdpInitiated (/opt/gluu/node/passport/server/routes.js:146:15)
    at Layer.handle [as handle_request] (/opt/gluu/node/passport/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/gluu/node/passport/node_modules/express/lib/router/route.js:137:13)
    at complete (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:268:13)
    at /opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:275:15
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:431:14)
    at Authenticator.transformAuthInfo (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:453:5)
    at /opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:272:22
    at /opt/gluu/node/passport/node_modules/passport/lib/http/request.js:52:7
    at /opt/gluu/node/passport/node_modules/passport/lib/sessionmanager.js:26:5
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:277:43)
    at serialized (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:286:7)
    at passport.serializeUser (/opt/gluu/node/passport/server/app.js:52:2)
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:294:9)
    at Authenticator.serializeUser (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:299:5)
    at SessionManager.logIn (/opt/gluu/node/passport/node_modules/passport/lib/sessionmanager.js:14:8)
    at IncomingMessage.req.login.req.logIn (/opt/gluu/node/passport/node_modules/passport/lib/http/request.js:50:33)
    at Strategy.strategy.success (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:253:13)
    at verified (/opt/gluu/node/passport/node_modules/passport-saml/lib/passport-saml/strategy.js:63:14)
    at processProfile (/opt/gluu/node/passport/server/providers.js:30:9)
    at Strategy.uncurried (/opt/gluu/node/passport/server/providers.js:65:10)
```

## Details

### Full Log Stack

```
2021-01-15T16:55:08.189Z [INFO] ::ffff:10.0.2.124 - GET /passport/auth/mrg-okta-saml/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqd3QiOiJmOGFjM2VmOS01YjcxLTRiMzYtOTdhMi02Y2Q4ZWQ5ODRhMTUiLCJpYXQiOjE2MTA3Mjk3MDgsImV4cCI6MTYxMDcyOTgyOH0.iQQwzHZX87pvmE-NIXsbuNzPQMVy-RUQaE_ehRdyfHg HTTP/1.1 302 0 - 2.430 ms
2021-01-15T16:55:14.543Z [VERBOSE] Authenticating request against mrg-okta-saml
2021-01-15T16:55:14.573Z [INFO] Applying mapping 'saml_ldap_profile' to profile
2021-01-15T16:55:14.573Z [DEBUG] Resulting profile data is { "provider": "mrg-okta-saml" }
2021-01-15T16:55:14.573Z [DEBUG] RelayState value: MRGSAML1
2021-01-15T16:55:14.573Z [DEBUG] SAML reponse in body:
2021-01-15T16:55:14.574Z [ERROR] Unknown Error: TypeError: Cannot read property 'RelayState' of undefined
2021-01-15T16:55:14.574Z [ERROR] TypeError: Cannot read property 'RelayState' of undefined
    at Object.process (/opt/gluu/node/passport/server/idp-initiated.js:94:25)
    at processIdpInitiated (/opt/gluu/node/passport/server/routes.js:146:15)
    at Layer.handle [as handle_request] (/opt/gluu/node/passport/node_modules/express/lib/router/layer.js:95:5)
    at next (/opt/gluu/node/passport/node_modules/express/lib/router/route.js:137:13)
    at complete (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:268:13)
    at /opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:275:15
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:431:14)
    at Authenticator.transformAuthInfo (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:453:5)
    at /opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:272:22
    at /opt/gluu/node/passport/node_modules/passport/lib/http/request.js:52:7
    at /opt/gluu/node/passport/node_modules/passport/lib/sessionmanager.js:26:5
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:277:43)
    at serialized (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:286:7)
    at passport.serializeUser (/opt/gluu/node/passport/server/app.js:52:2)
    at pass (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:294:9)
    at Authenticator.serializeUser (/opt/gluu/node/passport/node_modules/passport/lib/authenticator.js:299:5)
    at SessionManager.logIn (/opt/gluu/node/passport/node_modules/passport/lib/sessionmanager.js:14:8)
    at IncomingMessage.req.login.req.logIn (/opt/gluu/node/passport/node_modules/passport/lib/http/request.js:50:33)
    at Strategy.strategy.success (/opt/gluu/node/passport/node_modules/passport/lib/middleware/authenticate.js:253:13)
    at verified (/opt/gluu/node/passport/node_modules/passport-saml/lib/passport-saml/strategy.js:63:14)
    at processProfile (/opt/gluu/node/passport/server/providers.js:30:9)
    at Strategy.uncurried (/opt/gluu/node/passport/server/providers.js:65:10)
```

I haven't been able to make heads or tails of what is undefined. The RelayState is present in the logs from either route.js or idp-initiated.js. It's kind of hard to tell which since they have the exact same log messages. Secondly, the Relay state is clearly present in the debug logs and the body of the SAML response is present as it's being displayed. I'm wondering if there's something small I'm missing.

By Darrell Breeden user 19 Jan 2021 at 10:41 a.m. CST

The problem is coming from

```js
function process(req, res, next) {
    let user = req.user,
        relayState = req.body.RelayState
    // ... (rest of the function not shown in the post)
}
```

When `process` is called, the req is present but the `body` field does not exist as a member of the request.

By Darrell Breeden user 19 Jan 2021 at 10:46 a.m. CST

```js
function processIdpInitiated(req, res, next) {
    let user = req.user,
        relayState = req.body.RelayState

    logger.log2('debug', `RelayState value: ${relayState}`)
    logger.log2('debug', `SAML reponse in body:\n${req.body.SAMLResponse}`)

    abortIfProfileMissing(req, res, user)
    idpInitiated.process(user, relayState, global.iiconfig, res, next)
}
```

When IDP Initiated requests start, user is processed as `req.user`. That's handed down as the request, which does not have a body. You can fairly easily fix this by setting the body onto it from the raw request:

```js
let user = req.user,
    relayState = req.body.RelayState

logger.log2('debug', `RelayState value: ${relayState}`)
logger.log2('debug', `SAML reponse in body:\n${req.body.SAMLResponse}`)

abortIfProfileMissing(req, res, user)
user.body = req.body
idpInitiated.process(user, relayState, global.iiconfig, res, next)
```
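
A minimal reproduction of the failure discussed in this thread, as an added example that is not part of the original posts and is not Gluu Passport code: the profile object (`req.user`) is handed to code that reads `req.body`, which produces the `TypeError` in the log. The function names and the sample request are constructed for illustration; only the property names come from the excerpts above.

```javascript
// Added illustration, not Gluu Passport source. Function names and the sample
// request are constructed; only the property names come from the thread.

// Same access pattern as the excerpt: the callee assumes an Express request.
function processAsPosted(req) {
  return req.body.RelayState
}

// Guarded variant: read the single field needed from the real request and
// report a specific reason instead of throwing a TypeError deep in the stack.
function readRelayState(req) {
  const body = req && req.body
  if (body === undefined || body === null || typeof body !== 'object') {
    return { ok: false, reason: 'request has no parsed body' }
  }
  const value = body.RelayState
  if (typeof value !== 'string' || value === '') {
    return { ok: false, reason: 'RelayState missing from body' }
  }
  return { ok: true, relayState: value }
}

// Constructed request shaped like the one in the debug log of this ticket.
function sampleRequest() {
  return {
    user: { provider: 'mrg-okta-saml' },
    body: { RelayState: 'MRGSAML1', SAMLResponse: '(constructed placeholder)' }
  }
}

function demo() {
  const req = sampleRequest()
  let errorName = null
  try {
    processAsPosted(req.user) // profile object passed where a request is expected
  } catch (e) {
    errorName = e.name
  }
  return {
    errorName,
    fromProfile: readRelayState(req.user),
    fromRequest: readRelayState(req),
    profileKeys: Object.keys(req.user) // profile stays free of the raw POST body
  }
}

console.log(demo())
```

Reading the field from the request and passing it on explicitly keeps the raw `SAMLResponse` off the user profile object.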

By Michael Schwartz Account Admin 24 Jan 2021 at 8:50 a.m. CST

This support ticket is beyond the scope of community support. Please contact sales about a VIP support contract.

By Darrell Breeden user 26 Jan 2021 at 10:43 a.m. CST

Just to clarify or add knowledge in case anyone comes across this, it was a rather large effort to go through and manually resolve the code issues myself, and the further I got into it, I realized it had to have already been solved. Our production environment was deployed on a newer version of Gluu (4.2.1) and was completely unaffected. We were able to set up SAML integration, both IDP-Initiated and Gluu-Initiated, without issue. As such, we'll simply tear down our development instance and re-deploy with 4.2.1. Basically, we upgraded from 4.2.0 to 4.2.1.

By Michael Schwartz Account Admin 26 Jan 2021 at 10:52 a.m. CST

Thanks for the note.