Error Parsing SAML Response

Hello,

I am trying to use a Microsoft Azure Active Directory as an Identity Provider. When using a SAML response, the following error appears in the Ignition logs:

com.inductiveautomation.ignition.gateway.auth.idp.IdpAdapterException: Unable to parse the WebAuthResponse from the HTTP request

When doing a test login, the login page is correct; however, there is no IDP response data. Is there something different about the way Azure AD is sending this SAML? When comparing it with a working Okta IDP, there doesn't appear to be any difference.

Any help or insight would be appreciated.

Can you post the full stack trace of the IdpAdapterException?

I solved the issue; unchecking the Validate Response Signatures setting seemed to allow the IDP to be read.

Make sure to have at least one of the Validate Response Signatures or Validate Assertion Signatures settings enabled. Having both disabled is a security issue since Ignition will not check if SAML Responses / Assertions are forged.

Understood, thank you for the feedback. Will let you know if any other issues arise.
