5.x SSO Authentication

Your software
My Mautic version is: 5.1.0
My PHP version is: 8.1.30
My Database type and version is: MariaDB 1:10.11.6-0+deb12u1

Your problem
My problem is: SAML SSO not working

These errors are showing in the log:
[2024-10-15T08:59:53.620927+00:00] mautic.CRITICAL: Uncaught PHP Exception TypeError: "Mautic\UserBundle\Entity\User::getUserIdentifier(): Return value must be of type string, null returned" at /var/www/mautic.example.org/app/bundles/UserBundle/Entity/User.php line 330 {"exception":"[object] (TypeError(code: 0): Mautic\UserBundle\Entity\User::getUserIdentifier(): Return value must be of type string, null returned at /var/www/mautic.example.org/app/bundles/UserBundle/Entity/User.php:330)
[stacktrace]
#0 /var/www/mautic.example.org/app/bundles/UserBundle/Security/SAML/User/UserMapper.php(35): Mautic\UserBundle\Entity\User->getUserIdentifier()
#1 /var/www/mautic.example.org/vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Security/Authentication/Provider/LightsSamlSpAuthenticationProvider.php(188): Mautic\UserBundle\Security\SAML\User\UserMapper->getUsername()
#2 /var/www/mautic.example.org/vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Security/Authentication/Provider/LightsSamlSpAuthenticationProvider.php(108): LightSaml\SpBundle\Security\Authentication\Provider\LightsSamlSpAuthenticationProvider->loadUser()
#3 /var/www/mautic.example.org/vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Security/Authentication/Provider/LightsSamlSpAuthenticationProvider.php(96): LightSaml\SpBundle\Security\Authentication\Provider\LightsSamlSpAuthenticationProvider->authenticateResponse()
#4 /var/www/mautic.example.org/vendor/symfony/security-core/Authentication/AuthenticationProviderManager.php(88): LightSaml\SpBundle\Security\Authentication\Provider\LightsSamlSpAuthenticationProvider->authenticate()
#5 /var/www/mautic.example.org/vendor/lightsaml/sp-bundle/src/LightSaml/SpBundle/Security/Firewall/LightSamlSpListener.php(54): Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate()
#6 /var/www/mautic.example.org/vendor/symfony/security-http/Firewall/AbstractAuthenticationListener.php(138): LightSaml\SpBundle\Security\Firewall\LightSamlSpListener->attemptAuthentication()
#7 /var/www/mautic.example.org/vendor/symfony/security-http/Firewall/AbstractListener.php(26): Symfony\Component\Security\Http\Firewall\AbstractAuthenticationListener->authenticate()
#8 /var/www/mautic.example.org/vendor/symfony/security-http/Firewall.php(119): Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke()
#9 /var/www/mautic.example.org/vendor/symfony/security-http/Firewall.php(92): Symfony\Component\Security\Http\Firewall->callListeners()
#10 /var/www/mautic.example.org/vendor/symfony/event-dispatcher/EventDispatcher.php(270): Symfony\Component\Security\Http\Firewall->onKernelRequest()
#11 /var/www/mautic.example.org/vendor/symfony/event-dispatcher/EventDispatcher.php(230): Symfony\Component\EventDispatcher\EventDispatcher::Symfony\Component\EventDispatcher\{closure}()
#12 /var/www/mautic.example.org/vendor/symfony/event-dispatcher/EventDispatcher.php(59): Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
#13 /var/www/mautic.example.org/vendor/symfony/http-kernel/HttpKernel.php(139): Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
#14 /var/www/mautic.example.org/vendor/symfony/http-kernel/HttpKernel.php(75): Symfony\Component\HttpKernel\HttpKernel->handleRaw()
#15 /var/www/mautic.example.org/vendor/symfony/http-kernel/Kernel.php(202): Symfony\Component\HttpKernel\HttpKernel->handle()
#16 /var/www/mautic.example.org/app/AppKernel.php(109): Symfony\Component\HttpKernel\Kernel->handle()
#17 /var/www/mautic.example.org/app/middlewares/CORSMiddleware.php(76): AppKernel->handle()
#18 /var/www/mautic.example.org/app/middlewares/HSTSMiddleware.php(39): Mautic\Middleware\CORSMiddleware->handle()
#19 /var/www/mautic.example.org/app/middlewares/CatchExceptionMiddleware.php(28): Mautic\Middleware\HSTSMiddleware->handle()
#20 /var/www/mautic.example.org/app/middlewares/VersionCheckMiddleware.php(58): Mautic\Middleware\CatchExceptionMiddleware->handle()
#21 /var/www/mautic.example.org/app/middlewares/TrustMiddleware.php(42): Mautic\Middleware\VersionCheckMiddleware->handle()
#22 /var/www/mautic.example.org/vendor/stack/builder/src/Stack/StackedHttpKernel.php(23): Mautic\Middleware\TrustMiddleware->handle()
#23 /var/www/mautic.example.org/index.php(19): Stack\StackedHttpKernel->handle()
#24 {main}

and

[2024-10-15T08:38:16.160658+00:00] php.CRITICAL: Uncaught Error: Mautic\UserBundle\Entity\User::getUserIdentifier(): Return value must be of type string, null returned {"exception":"[object] (TypeError(code: 0): Mautic\UserBundle\Entity\User::getUserIdentifier(): Return value must be of type string, null returned at /var/www/mautic.example.org/app/bundles/UserBundle/Entity/User.php:330)"} {"hostname":"mautic.example.org","pid":317473}

Steps I have tried to fix the problem:

I tried the fix suggested in the thread "Azure AD Saml SSO not working - Invalid login. Please verify credentials", but apparently those URLs are no longer valid. Also, in the event that the server is not able to reach the internet, it's a no-go.

Quick fix is to use the literal OIDs, such as:
Email: urn:oid:0.9.2342.19200300.100.1.3
First name: urn:oid:2.5.4.42
Last name: urn:oid:2.5.4.4
(optional) Username: I'm using the eduPersonPrincipalName OID, which is urn:oid:1.3.6.1.4.1.5923.1.1.1.6

Also, this information is relevant for generic SAML integration and not only Azure.

The "Authentication — Mautic Documentation 0.1 documentation" page should be updated.

The proper fix would be to use SAML attribute names and have Mautic check them against a mapping file of common OIDs and their respective friendly names, such as the attribute-map.xml file shipped with Shibboleth SP.
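To illustrate the mapping approach proposed in the post, here is an added example (not Mautic's code and not from the poster) that resolves a SAML attribute under either its friendly name or its urn:oid name and fails closed when the mandatory username attribute is absent. The attribute-bag shape (name => list of values), the function names and the sample assertion are assumptions; the OIDs are the ones listed in the post.

```php
<?php
declare(strict_types=1);
// Constructed lookup table in the spirit of Shibboleth SP's attribute-map.xml:
// friendly name => urn:oid name. The OIDs are the ones quoted in the post.
const SAML_ATTRIBUTE_MAP = [
    'mail'                   => 'urn:oid:0.9.2342.19200300.100.1.3',
    'givenName'              => 'urn:oid:2.5.4.42',
    'sn'                     => 'urn:oid:2.5.4.4',
    'eduPersonPrincipalName' => 'urn:oid:1.3.6.1.4.1.5923.1.1.1.6',
];
// Resolve one attribute from the assertion's attribute bag (assumed shape:
// attribute name => list of string values) by the name configured in Mautic
// or by its mapped counterpart. Returns null only when nothing usable is present.
function resolveSamlAttribute(array $attributes, string $configuredName): ?string
{
    $candidates = [$configuredName];
    if (isset(SAML_ATTRIBUTE_MAP[$configuredName])) {
        $candidates[] = SAML_ATTRIBUTE_MAP[$configuredName];   // friendly name -> OID
    } elseif (($friendly = array_search($configuredName, SAML_ATTRIBUTE_MAP, true)) !== false) {
        $candidates[] = $friendly;                             // OID -> friendly name
    }
    foreach ($candidates as $name) {
        foreach ($attributes[$name] ?? [] as $value) {
            if (is_string($value) && trim($value) !== '') {
                return $value;
            }
        }
    }
    return null;
}
// Fail closed: the username is mandatory, so a missing attribute becomes a
// descriptive authentication failure instead of the null that later trips the
// TypeError in User::getUserIdentifier() shown in the log above.
function requireSamlUsername(array $attributes, string $configuredName): string
{
    $username = resolveSamlAttribute($attributes, $configuredName);
    if ($username === null) {
        throw new RuntimeException(sprintf(
            'SAML assertion carries no usable "%s"; attribute names released by the IdP: %s',
            $configuredName,
            implode(', ', array_keys($attributes)) ?: '(none)'
        ));
    }
    return $username;
}
// Constructed assertion: the IdP released OID names while Mautic is configured with friendly names.
$released = ['urn:oid:1.3.6.1.4.1.5923.1.1.1.6' => ['jdoe@example.org'], 'urn:oid:2.5.4.42' => ['Jane']];
echo requireSamlUsername($released, 'eduPersonPrincipalName'), PHP_EOL;
echo resolveSamlAttribute($released, 'sn') ?? '(sn not released)', PHP_EOL;
```

The error message lists only attribute names, never values, so it can be logged without leaking assertion contents.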