By: MARKUS SPEICHER user 13 Aug 2019 at 6:22 a.m. CDT

12 Responses
Hello, I have integrated Gluu as SAML IDP for different service providers, Salesforce and G-Suite for example. Sometimes I get an error 404 instead of the login screen. When I reload, it works in most cases. But sometimes, e.g. during Android Enterprise Enrollment, going back or reloading is not possible; then I have to start from the beginning, which is annoying. I found the following in the oxauth log when I see the 404, but I don't know what I should change.

```
2019-08-13 10:20:12,861 ERROR [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaNeedsInfoService] (UmaNeedsInfoService.java:92) - Unable to load UMA script dn: 'inum=@!506C.9E6D.C32E.8B40!0001!5CCD.AB39!0011!2DAF.F9A5,ou=scripts,o=@!506C.9E6D.C32E.8B40!0001!5CCD.AB39,o=gluu'
2019-08-13 10:20:12,861 WARN [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaTokenService] (UmaTokenService.java:103) - There are no any policies that protects scopes. Scopes: uma_authorization https://idp.mobl-service.eu/oxauth/restv1/uma/scopes/passport_access. Configuration property umaGrantAccessIfNoPolicies: false
2019-08-13 10:20:12,862 WARN [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaTokenService] (UmaTokenService.java:108) - Access denied because there are no any protection. Make sure it is intentional behavior.
2019-08-13 10:20:12,862 ERROR [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaTokenService] (UmaTokenService.java:135) - Exception happened
org.xdi.oxauth.uma.authorization.UmaWebException: HTTP 403 Forbidden
	at org.xdi.oxauth.uma.service.UmaTokenService.requestRpt(UmaTokenService.java:109) [classes/:?]
	at org.xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl.requestAccessToken(TokenRestWebServiceImpl.java:115) [classes/:?]
	at org.xdi.oxauth.token.ws.rs.TokenRestWebServiceImpl$Proxy$_$$_WeldClientProxy.requestAccessToken(Unknown Source) [classes/:?]
	at sun.reflect.GeneratedMethodAccessor147.invoke(Unknown Source) ~[?:?]
```
```
2019-08-13 10:21:12,853 INFO [qtp804611486-18] [org.xdi.oxauth.auth.Authenticator] (Authenticator.java:262) - Authentication success for Client: '@!506C.9E6D.C32E.8B40!0001!5CCD.AB39!0008!BC90.38A0
```

My test SP is https://speicher-dev-ed.my.salesforce.com; for Gluu please choose Shibboleth. In a normal browser it works always. Issues I have on Android for Android Enterprise Enrollment and iOS using Salesforce app. Thankful in advance for any tip.

Best regards
Markus

By MARKUS SPEICHER user 26 Aug 2019 at 3:05 a.m. CDT

I tried to debug a little more, this time with SFDC as SP and Chrome SAML debug on a PC. The result is the same as in Android Enterprise: the first request after the SP gives error 404:

```
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=<base64 value omitted>&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=<base64 value omitted> HTTP/1.1
Upgrade-Insecure-Requests: 1

GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO;jsessionid=node01tabpldogjg4h6cr4gto9p45a12.node0?execution=e1s1 HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

HTTP/1.1 404 Not Found
```

The second request always works, with a 302 redirect:

```
GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?SAMLRequest=<base64 value omitted>&RelayState=%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=<base64 value omitted> HTTP/1.1

GET https://idp.mobl-service.eu/idp/profile/SAML2/Redirect/SSO?execution=e2s1 HTTP/1.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

HTTP/1.1 302 Found
Date: Mon, 26 Aug 2019 07:55:52 GMT
Server: server
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: SameOrigin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Cache-Control: no-store
Location: https://idp.mobl-service.eu/idp/Authn/oxAuth?conversation=e2s1
Content-Length: 0
Content-Type: text/plain; charset=UTF-8
Connection: close
```

Then I can authenticate. Any idea how to get the first one working?

Cheers
Markus
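The requests in the trace above use the SAML HTTP-Redirect binding, where `SAMLRequest` is the AuthnRequest XML compressed with raw DEFLATE and then base64-encoded. The following is an added example, not part of the original post or of Gluu's code: it decodes such a captured URL for inspection and reports whether the URL carries a `;jsessionid=` path parameter, which is the visible difference between the follow-up GET that returned 404 and the one that returned 302. The function names, the `MAX_XML` cap and the `example.test` hosts are assumptions, and the sample request is constructed.

```python
import base64
import xml.etree.ElementTree as ET
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # assumed cap on the inflated request; guards against deflate bombs


def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def decode_saml_request(value):
    """Reverse of encode_redirect, with a size cap and no DOCTYPE allowed."""
    inflater = zlib.decompressobj(-15)  # -15 = raw DEFLATE, no zlib header
    xml = inflater.decompress(base64.b64decode(value, validate=True), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized request or DOCTYPE present")
    return ET.fromstring(xml)


def inspect_sso_url(url):
    """Summarise one captured GET to a Redirect/SSO endpoint."""
    parts = urlsplit(url)
    path, _, path_params = parts.path.partition(";")
    query = parse_qs(parts.query)  # values come back percent-decoded
    info = {
        "endpoint": path,
        "jsessionid_in_url": path_params.startswith("jsessionid="),
        "execution": query.get("execution", [None])[0],
        "signed": "Signature" in query,
        "sig_alg": query.get("SigAlg", [None])[0],
    }
    if "SAMLRequest" in query:
        root = decode_saml_request(query["SAMLRequest"][0])
        info.update(request_id=root.get("ID"),
                    acs_url=root.get("AssertionConsumerServiceURL"),
                    issuer=root.findtext(f"{{{SAML}}}Issuer"))
    return info

# Constructed sample values; not the requests captured in the post.
SAMPLE_XML = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_constructed1" '
              'Version="2.0" AssertionConsumerServiceURL="https://sp.example.test/acs">'
              "<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>")
BASE = "https://idp.example.test/idp/profile/SAML2/Redirect/SSO"
FIRST = BASE + "?" + urlencode({
    "SAMLRequest": encode_redirect(SAMPLE_XML), "RelayState": "/",
    "SigAlg": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "Signature": "Y29uc3RydWN0ZWQ="})
FOLLOW_UP = BASE + ";jsessionid=node0constructed.node0?execution=e1s1"
```

Calling `inspect_sso_url()` on each URL copied from a SAML-tracer capture gives the issuer, ACS URL and request ID the SP actually sent, which can be compared between a failing and a working attempt. The decoder only inspects the request; it does not verify the `Signature` parameter.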

By Mohib Zico staff 28 Aug 2019 at 9:39 a.m. CDT

>> [qtp804611486-9] [org.xdi.oxauth.uma.service.UmaNeedsInfoService] (UmaNeedsInfoService.java:92) - Unable to load UMA script dn:

This error shouldn't hamper your SAML operation.

>> In a normal browser it works always. Issues I have on Android for Android Enterprise Enrollment and iOS using Salesforce app.

I am not exactly sure how much we can assist you here in community subscription because troubleshooting this will require 'Android Enterprise Enrollment' + iOS + Salesforce; none of them are free of cost AFAIK.

By MARKUS SPEICHER user 28 Aug 2019 at 10:05 a.m. CDT

The UMA error I could get fixed. But you are right, it does not have anything to do with SAML. You can see the error easily when you connect with Chrome on a PC VM to my Salesforce test tenant and click on Shibboleth: https://speicher-dev-ed.my.salesforce.com/ Then in some cases you first get a 404, then you go back and try again and you see the Gluu login after a 302 redirect. This is how I could do the SAML trace in Chrome as in my second post. Interestingly, it works on all browsers always on my Mac. But the issues are on Android and Windows.

By Mohib Zico staff 03 Sep 2019 at 9:03 a.m. CDT

Is that the error you are mentioning? Screenshot attached.

By MARKUS SPEICHER user 03 Sep 2019 at 9:11 a.m. CDT

Yes, this is exactly the error. When you do reload it stays 404, but when you go back and request it new, then 302 redirect to the IDP for login. I checked it with Chrome and SAML-Tracer.

By Mohib Zico staff 03 Sep 2019 at 1:24 p.m. CDT

>> When you do reload it stays 404, but when you go back and request it new, then 302 redirect to the IDP for login.

When I am starting the SP-initiated SSO, I see three options on your SP's homepage. Screenshot attached ( Capure ). However, when I am using the go back button, I am getting only Shibboleth. Any thoughts why it's happening?

By MARKUS SPEICHER user 03 Sep 2019 at 1:39 p.m. CDT

This is a feature in SFDC, you see the one you have chosen before. I have configured many IDPs to test. Platita uses MobileIron Access QRCode login with G-Suite as IDP. Mobl-Service uses MobileIron Access with ADFS on my local AD. But I hope to get rid of MS products for my lab and demos. Shibboleth uses Gluu as IDP. My goal is to use Gluu for my lab and disable ADFS.

By Mohib Zico staff 03 Sep 2019 at 3:28 p.m. CDT

Got it, thanks for clarification. Can you please share your Salesforce Config for your Shibboleth ( Gluu ) server?

By MARKUS SPEICHER user 04 Sep 2019 at 3:23 a.m. CDT

I made a screenshot of my SSO settings in SFDC for Shibboleth. Why it works on my Mac and fails on Android or PC? This is strange for me.

By Mohib Zico staff 04 Sep 2019 at 5:09 a.m. CDT

Thanks.

>> Why it works on my Mac and fails on Android or PC? This is strange for me.

Yeah.. that's strange. Please allow me to configure one test Salesforce SSO with my Gluu Server 3.1.6. Just checked the doc... seems like it required an update.

By MARKUS SPEICHER user 04 Sep 2019 at 5:27 a.m. CDT

It took me some time to get it working. I had to add Attribute Name and Name ID Format to the SAML SSO Settings in SFDC:

`urn:oid:0.9.2342.19200300.100.1.1`
`urn:oasis:names:tc:SAML:2.0:attrname-format:uri`

By Mohib Zico staff 27 Sep 2019 at 1:19 p.m. CDT

Hi Markus, We published a new doc for Salesforce SSO [here](https://gluu.org/docs/ce/3.1.6/integration/saas/salesforce/)