Comments (14)
OK, so I figured out what the issue was in our case. I set the Azure Enterprise App application id as entityId; instead I should of course have used the Entity Id. Strange to get a 405 on this. I also noticed that the return URL is case sensitive, so redirecting doesn't work if the URLs don't match case.
from onpremises.
Your case may have been already solved by issue #8.
You have to adjust structurizr.saml.maxAuthenticationAge property to higher (90 days ?) than the default value (2 hours): https://structurizr.com/share/18571/documentation#max-authentication-age
from onpremises.
Thank you for the screenshot, I fixed it now :)
The issue (for me) was that I disabled the "sign document" function. Just in case anyone needs it, I'm sending my KC screenshot of the working configuration:
from onpremises.
That's great, thanks. Would you consider sending a PR for the docs please?
https://github.com/structurizr/onpremises/blob/main/docs/docs/04-authentication.md#keycloak
from onpremises.
Thanks @samm-git that was also a problem on my side. Once I enabled SAML signed request then it started to work. BTW, to do that I had to export cert from jks existing on repo for structurizr onprem and upload it to Okta so then it was possible to enable it.
from onpremises.
Hi people, I faced the same problem with Azure AD and I resolved it by creating a group claim on the Enterprise Application:
![image](https://private-user-images.githubusercontent.com/12559183/255935118-d7d2be09-b394-4ca0-b1b2-76322dafca8d.png)
from onpremises.
we are running into the same issue. Our configuration looks pretty similar to the OP's, we are also getting a 405 Method not allowed on the `/saml/sso` endpoint. In the logs we see the following error:
`DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported`
but for completeness sake:
- our Structurizr app is running in an Azure Appservice
- version 3040
- we created an AAD Enterprise Application with return url `{my-app-name}/saml/sso` (where {my-app-name} is a placeholder for our real app name of course)
- added the `structurizr.properties` and `saml-idp-metadata.xml` files and restarted the appservice
`structurizr.properties`:
structurizr.authentication=saml
structurizr.url=https://{my-app-name}.azurewebsites.net
structurizr.saml.entityId={client id of the AAD Enterprise Application}
from onpremises.
Same problem with Keycloak here. Already tried to change the max-authentication-age to 8h, 24h, and 90 days, and it didn't work.
from onpremises.
Same on my side, KC+structurizr
from onpremises.
Somebody on the Slack group (onpremises channel) has mentioned that the instructions for Keycloak are out of date, and posted an updated screenshot. You may want to jump on there and take a look.
Alternatively, you may want to try forcing authentication -> https://structurizr.com/share/18571/documentation#force-authentication (although this seems to be related to issues with Azure AD).
from onpremises.
Done, #47
from onpremises.
I have a similar problem when integrating with Okta. I receive this in the server logs:
`DefaultHandlerExceptionResolver - Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]`
This is on the return of an already authenticated user on /saml/SSO.
Did anyone resolve that problem? Why is structurizr not accepting POST on that URL?
from onpremises.
In my case it was disabled signing on the request, please check your settings.
from onpremises.
Closing since the OP hasn't responded, so I'm assuming this is resolved ... please open new issues/discussions as needed.
from onpremises.