Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Unable to configure Keycloak SSO #1406

Open
praveen-livspace opened this issue May 14, 2024 · 1 comment
Open

Bug: Unable to configure Keycloak SSO #1406

praveen-livspace opened this issue May 14, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@praveen-livspace
Copy link

Describe the bug
Signature validation fails on authenticating with Keycloak.


2024-05-14 17:01:30.750 | Error: error:1E08010C:DECODER routines::unsupported |  
-- | -- | --
  |   | 2024-05-14 17:01:30.750 | at Verify.verify (node:internal/crypto/sig:224:24) |  
  |   | 2024-05-14 17:01:30.750 | at RSASHA256.verifySignature (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:116:24) |  
  |   | 2024-05-14 17:01:30.750 | at SignedXml.validateSignatureValue (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:442:20) |  
  |   | 2024-05-14 17:01:30.750 | at SignedXml.checkSignature (/usr/src/app/node_modules/xml-crypto/lib/signed-xml.js:376:15) |  
  |   | 2024-05-14 17:01:30.750 | at Function.isSignatureValid (/usr/src/app/FeatureSet/Identity/Utils/SSO.ts:138:38) |  
  |   | 2024-05-14 17:01:30.750 | at loginUserWithSso (/usr/src/app/FeatureSet/Identity/API/SSO.ts:247:26) |  
  |   | 2024-05-14 17:01:30.750 | at processTicksAndRejections (node:internal/process/task_queues:95:5) |  
  |   | 2024-05-14 17:01:30.750 | at async /usr/src/app/FeatureSet/Identity/API/SSO.ts:134:16 { |  
  |   | 2024-05-14 17:01:30.750 | library: 'DECODER routines', |  
  |   | 2024-05-14 17:01:30.750 | reason: 'unsupported', |  
  |   | 2024-05-14 17:01:30.750 | code: 'ERR_OSSL_UNSUPPORTED' |  
  |   | 2024-05-14 17:01:30.750 | } |  
  |   | 2024-05-14 17:01:30.751 | BadRequestException [Error]: Signature is not valid or Public Certificate configured with this SSO provider is not valid |  
  |   | 2024-05-14 17:01:30.751 | at loginUserWithSso (/usr/src/app/FeatureSet/Identity/API/SSO.ts:255:21) |  
  |   | 2024-05-14 17:01:30.751 | at processTicksAndRejections (node:internal/process/task_queues:95:5) |  
  |   | 2024-05-14 17:01:30.751 | at async /usr/src/app/FeatureSet/Identity/API/SSO.ts:134:16 { |  
  |   | 2024-05-14 17:01:30.751 | _code: 400 |  
  |   | 2024-05-14 17:01:30.751 | }

To Reproduce
Steps to reproduce the behavior:

  1. Configure SAML SSO for any project using keycloak.
  2. Configure the details.
  3. Try logging in using the test link
  4. See error

Expected behavior
User should be able to login.

Screenshots
If applicable, add screenshots to help explain your problem.

Deployment Type
Self Hosted: 7.0.2270

Additional context
Add any other context about the problem here.
@praveen-livspace praveen-livspace added the bug Something isn't working label May 14, 2024
@simlarsen
Copy link
Contributor

simlarsen commented May 14, 2024
edited

Are you sure you're using correct signature methods? Looks like you're using SHA 256. Did you try with others? Did you also include ----BEGIN CERTIFICATE ----- and END CERTIFICATE LINE to your SSO config with OneUptime?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@praveen-livspace @simlarsen