FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    Has anyone successfully integrated FusionAuth with Metabase using SAMLv2?

    Scheduled Pinned Locked Moved
    General Discussion
    2
    2
    991
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      admin 9
      last edited by

      I'm a regular user of both Fusionauth and Metabase, but I've hit a wall trying to integrate the two using FA as the IdP and MB as the SP. Have others successfully created workable FA>MB SAML solutions?

      My intended flow: https://my.website.com (Site) > https://metabase.website.com/auth/sso (ACS/redirect, authenticated by FA) >
      https://my.website.com/metabase (Interactive embedded MB page)

      I keep getting the following error: The SAML AuthnRequest was invalid or did not pass validation. The error code is [Requester] and the error message is [Invalid AssertionConsumerServiceURL].

      Metabase isn't correctly signing the SAML auth request. Their request encodes https://metabase.website.com/ as the ACS URL despite https://metabase.website.com/auth/sso being hardcoded in MB.

      I suspect the issue is with Metabase due to a number of inconsistencies in their configs and docs, but I'm not 100% certain. For instance, I kept receiving an FA application mapping error until I replaced the "Application Name" field in Metabase (default = 'metabase') with the SAML certificate Issuer domain url.

      I'm starting here because 1) anomalies/screwy documentation on Metabase's part make it clear that any solutions likely lie outside their wheelhouse, and 2) this group has likely found a number of creative Metabase integrations that I haven't considered.

      Thanks in advance. Let me know if I can provide any specific configs or debugs.

      mark.robustelliM 1 Reply Last reply Reply Quote 0
      • mark.robustelliM
        mark.robustelli @admin 9
        last edited by mark.robustelli

        @admin-9 I have not worked with Metabase, so I don't think I can be of help there. I do want to make sure you have seen the documentation on configuring FusionAuth as the Service Provider.

        It is worth noting the bit about opening up a request for FusionAuth to provide additional examples on Github. It may be worth you time to do that.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post