SAML has issues with MAUTIC

sswami · 26 Apr 2022, 08:06

Jay Swaminarayan!

While this was functioning perfectly well during previous versions, after upgrading to 1.34.xx the SAML SSO has started getting failed after returning to the service.

I have tried resetting all the settings and even trying to add new application and enabling the SAML exchanging and configuring the settings.
After lot of troubleshooting and decoding the AuthResponse payload, we could find the following issue.

<ns3:Status>
<ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
<ns3:StatusMessage>Unable to authentication the user via the nested OAuth workflow. Consult the logs for additional details.</ns3:StatusMessage>
</ns3:Status>

Following is the full response object.

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<ns3:Response xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" ID="_76de3fda-0f4c-45f2-b382-79bfa78be431">
<Issuer/>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_76de3fda-0f4c-45f2-b382-79bfa78be431">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>MymT6dHHijkye+3R8Ysj6aoMkxdJUhbfCqHqxAp98MY=</DigestValue></Reference></SignedInfo>
<SignatureValue>CSZc9rLHOOyn50PMHkERzdReV+aW4pS4qCjAsET/0DIcPt6ptAaLNiRPl2/v56uxJ1Dx4a+RCGSUf3A5mrQCIFsLhNXgmDHkET8pzUwiAIxm7JsM76z7Tk0/AcUok93XlkjjnEFxuRe/QwsxXQhG2NYalRM8IWyqkfz27NVaM5lK/TSpzW6ub/C9EAxXVx925rf3Op8ILKUJLrenp8pYscGuKHH29qhA0V2+riP+ShZqb5iHruqZZjNA7qUGRAIbZeu7MuFNh5Es2wMK3wemUOwpGY+5i6u85Yffl854+68lk5u9JhsJ18sdhzMK9nwsJ48dPhiH8w53jDmxX9+8BA==</SignatureValue><KeyInfo><X509Data>
<X509Certificate>MIICxTCCAa2gAwIBAQIRALtIbH2EDUSVqXSCIdaei+IwDQYJKoZIhvcNAQELBQAwHjEcMBoGA1UEAxMTaHR0cHM6Ly9ndXJ1a3VsLm9yZzAeFw0yMjA0MjUwMzQzMTFaFw0zMjA0MjUwMzQzMTFaMB4xHDAaBgNVBAMTE2h0dHBzOi8vZ3VydWt1bC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFhi/uU8xbFpN00//RZbBj6BalrMcSpLIFhQ4zdj5DJx1e1jDlAKVAFDnaImvgkEGTipxETcN3wDp0umBhf+P2GRfKq5ZRcbiYgR4LnZl8TRKQrJa3hL2wCpYAlhHW4oc4zeNSoCzQra9URTPFXVF1Md319eLyZz8Ao+x08hqgHdS7bluBxlCHaqrR/eQtPmuRofhGKPTvTOaMyAf1+AIU2P6V3YV11WdRisytbmPNdACnrY0h9Uh+iR+S9owsXSrRQiY4tFV8qt8Oeo4St+gMSbYTKm8M3RNJgR2OxfHasDrknT6Wgjgtu03nxL7K19K6MT0P73Oi+roaFxl64mDnAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAERqZhMk9VAcPMYMDjHv/YrCAVgWntmKU3KIDxLhzpvW1uWo45Ni1G1cXiQTAi39uTdP7w2LmoKO6HbbLmWnQIOx06XxqdE4sllQRe7Za62wY4zI0XSuAPMWCHlGoKmXoKb2xz6QCmOHxQM46itfxF0amfZiZnx6bDUwEI9Iu8pTeAGejpoyCMmiV2zeP1yWoeoM/B2lPEZU+HD18Z87QY8hxCLP3rU1tD5Lm2vw+fpN6dWPD0q/rN6TgwiQtJieIRCeBYOu1OZrzfrIGurf1vTLZ4JuLHSE+zGfdxNPRFtA7BaQdlz1g83Nb2BUNRbkYXAQOVaaodcsb/Pu9t4Bx5w=</X509Certificate></X509Data></KeyInfo></Signature>
<ns3:Status>
<ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
<ns3:StatusMessage>Unable to authentication the user via the nested OAuth workflow. Consult the logs for additional details.</ns3:StatusMessage>
</ns3:Status>
</ns3:Response>

I suppose this must be some very simple configuration issue, however, kindly help me get some info on the above, so that this can be Resolved.

Thanking you,

sswami · 30 Apr 2022, 16:38

@dan @robotdan Please respond to the above.

sswami · 3 May 2022, 17:09

@dan @robotdan Looking for your support ASAP.

dan · 3 May 2022, 17:31

@sswami

Do you have a support plan? If so, the best way to get support is to open a ticket: https://account.fusionauth.io/account/support/

sswami · 3 May 2022, 17:39

This post is deleted!