Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error after SAML authentication #10556

Closed
BcTpe4HbIu opened this issue Apr 23, 2018 · 12 comments
Closed

Error after SAML authentication #10556

BcTpe4HbIu opened this issue Apr 23, 2018 · 12 comments
Assignees
@pierre-lehnen-rc
Labels
contrib: experts needed type: bug
Milestone
3.1.0

Comments

@BcTpe4HbIu
Copy link

Description:

Server Setup Information:

  • Version of Rocket.Chat Server: 0.63.3
  • Operating System: CentOS 7
  • Deployment Method(snap/docker/tar/etc): docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog: No
  • Node Version: 8.9.3 - x64
  • mongoDB Version: 3.6

Steps to Reproduce:

  1. Configure SAML with ADFS 2012
  2. Try to login
  3. Get error in popup: TypeError: Cannot read property 'toString' of undefined

Expected behavior:

Login to server

Actual behavior:

Error reported

Relevant logs:

No errors logs in browser or server log.
@BcTpe4HbIu
Copy link
Author

Problem is that search for signature tag returning nothing, because whole assertion is encrypted.

So now the question is encrypted assertion supported?

@BcTpe4HbIu
Copy link
Author

@Bill81710 (from #2770) is your saml response encrypted?

@BcTpe4HbIu
Copy link
Author

Anyway, solved for me by removing public/private key from saml settings. This disabled encryption on ADSF side and auth worked.

Probably this must be documented somewhere?

@Hudell
Copy link
Contributor

Hudell commented Aug 1, 2018

Can you check if it's working on the current version of Rocket.Chat?

@BcTpe4HbIu
Copy link
Author

What exactly should work with current version? Encrypted assertion is now supported?

@BcTpe4HbIu
Copy link
Author

Added certs for SAML. Will check it tomorrow.

@BcTpe4HbIu
Copy link
Author

Same error with 0.68.5

Sorry, an annoying error occured
TypeError: Cannot read property 'toString' of undefined
Close Window

@zopanix
Copy link

zopanix commented Sep 20, 2018

@BcTpe4HbIu : I'm hitting the same error, can you explain your workaround ? Did get the part of removing public and private key

@BcTpe4HbIu
Copy link
Author

@zopanix The problem is "encrypted assertion". If your authentication party sends it in reply - Rocket.Chat will fail to process it. So workaround is to ensure reply is not encrypted. ADFS, for example, will automaticly encrypt reply if public key is present in service metadata. So if you clean fields private key and public cert in saml settings ADFS will reply without encryption.

@zopanix
Copy link

zopanix commented Sep 20, 2018

@BcTpe4HbIu : thx, was not sure I understodd it correctly.

@theorenck theorenck assigned theorenck and Hudell and unassigned theorenck Apr 9, 2019
@theorenck theorenck added this to the 1.1.0 milestone Apr 9, 2019
@theorenck
Copy link
Contributor

@Hudell can you take look again in this one, please?

@theorenck theorenck modified the milestones: 1.1.0, 1.0.0 Apr 10, 2019
@geekgonecrazy geekgonecrazy modified the milestones: 1.0.0, 1.1.0 Apr 29, 2019
@engelgabriel engelgabriel modified the milestones: 1.1.0, 1.3.0 Jul 10, 2019
@sampaiodiego sampaiodiego modified the milestones: 1.3.0, 1.4.0 Jul 25, 2019
@engelgabriel engelgabriel modified the milestones: 2.0.0, 2.2.0 Oct 13, 2019
@engelgabriel engelgabriel modified the milestones: 2.2.0, 4.1.0 Mar 17, 2020
@pierre-lehnen-rc
Copy link
Contributor

This one was fixed by #12153

@engelgabriel engelgabriel modified the milestones: 4.1.0, 3.1.0 May 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pierre-lehnen-rc pierre-lehnen-rc

Labels
contrib: experts needed type: bug
Projects
None yet
Milestone
3.1.0
Development

No branches or pull requests
8 participants
@geekgonecrazy @engelgabriel @theorenck @Hudell @BcTpe4HbIu @zopanix @sampaiodiego @pierre-lehnen-rc