Comments (6)
Found the misconfiguration on my end (need to use glasses more often) - I had /saml/SSO set up on my SSO application, which now needs a change to a different URL in line with the new requirements.
Although the change may have a positive impact in theory, my IDP was suggesting that I need a ReplyURL set as sso/structurizr, which makes sense as, according to the Spring documentation, the default endpoint is /login/saml2/sso/{registrationId} but it can be changed.
I guess either /sso or /sso/{registrationId} may be valid reply URLs, but I'm yet to test that and it may take a few days to come through the change requests.
from onpremises.
The latest version which has the SSO reply in line with the documentation is 3263.
from onpremises.
Correct, the SAML configuration changed in 2024.01.02 - see release notes, and https://docs.structurizr.com/onpremises/authentication/saml has the new configuration instructions. Feel free to open a docs PR if you feel more is required.
from onpremises.
Thanks @simonbrowndotje, the current version of the documentation states:
Register the Structurizr on-premises application with your Identity Provider. When doing this, you will need a “Reply URL”, which is of the form {structurizr.url}/login/saml2/sso
Where it actually expects {structurizr.url}/login/saml2/sso/structurizr now; at least, once I updated the version I started to get the error message about the new reply URL from my IDP (AzureAD).
Hence I thought it is a bug which introduced extra to the SSO reply or a doc update. I'm happy to do a PR if you confirm the doc needs a change from /sso to /sso/structurizr
from onpremises.
Doc update would include the following:
Register the Structurizr on-premises application with your Identity Provider. When doing this, you will need a “Reply URL”, which is of the form {structurizr.url}/login/saml2/sso/{registrationId}
from onpremises.
So just to clarify:
- Build 3263 uses the old Spring SAML library, which required a reply URL of the form {structurizr.url}/saml/SSO.
- Build 2024.01.02 uses the new Spring SAML library, which requires a reply URL of the form {structurizr.url}/login/saml2/sso, but you're saying that this may be {structurizr.url}/login/saml2/sso/{registrationId} instead.
You may be correct, but this doesn't seem to be the case with any of the test apps I have on various identity providers; for example (this is Azure AD):
If I set the reply URL to {structurizr.url}/login/saml2/sso/example, then the structurizr.saml.registrationId property does need to be set to example in the structurizr.properties file, otherwise I do see an Azure AD error. But setting the reply URL to {structurizr.url}/login/saml2/sso seems to work for me irrespective of what the registration ID is set to. I think this requires more investigation before updating the docs.
from onpremises.
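Added example (not part of the thread and not Structurizr code): a small Python check that classifies the reply URL registered at the IdP against the three forms discussed above, using the structurizr.url and structurizr.saml.registrationId properties named in the thread. The sample properties, the host name and the result labels are constructed for illustration; whether the short form is accepted is left open, as in the thread.

```python
from urllib.parse import urlsplit

# Constructed sample of a structurizr.properties file (host name is made up).
SAMPLE_PROPERTIES = """
# constructed sample
structurizr.url=https://structurizr.example.com
structurizr.saml.registrationId=example
"""

def parse_properties(text):
    """Parse the key=value lines of a properties file into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def classify_reply_url(reply_url, props):
    """Return which reply-URL form from the thread the IdP value matches."""
    base = urlsplit(props["structurizr.url"].rstrip("/"))
    got = urlsplit(reply_url.rstrip("/"))
    # Scheme and host must match; host names are case-insensitive.
    if (got.scheme, got.netloc.lower()) != (base.scheme, base.netloc.lower()):
        return "wrong-origin"
    if not got.path.startswith(base.path):
        return "wrong-context-path"
    path = got.path[len(base.path):]      # path is compared case-sensitively
    if path == "/saml/SSO":
        return "legacy"                   # form used by build 3263
    if path == "/login/saml2/sso":
        return "new-short"                # form in the 2024.01.02 docs
    prefix = "/login/saml2/sso/"
    if path.startswith(prefix) and "/" not in path[len(prefix):]:
        reg_id = props.get("structurizr.saml.registrationId")
        if reg_id is None:
            return "new-with-id:registrationId-not-set"
        same = path[len(prefix):] == reg_id
        return "new-with-id:match" if same else "new-with-id:mismatch"
    return "unknown"

if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for suffix in ("/saml/SSO", "/login/saml2/sso", "/login/saml2/sso/structurizr"):
        url = props["structurizr.url"] + suffix
        print(url, "->", classify_reply_url(url, props))
```

A "legacy" or "new-with-id:mismatch" result corresponds to the IdP-side errors reported in the thread after upgrading from build 3263.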