Azure AD SAML SSO not working - Invalid login. Please verify credentials

Your software
My Mautic version is: 4.4.9
My PHP version is: 8.0.29
My Database type and version is: 10.6.12-MariaDB-0ubuntu0.22.04.1
My Setup: Ubuntu 22.04 - LAMP

Your problem
My problem is: I configured SAML for the Azure AD setup. Even the test from Azure AD is successful in issuing a token. After the redirect to https://mymauticsite/s/saml/login_check I get a 302 Found; however, it then redirects to https://mymauticsite/s/login with an error message saying: Invalid login. Please verify credentials.

These errors are showing in the log: Nada, absolutely nothing. I am checking errors here: /var/www/mymauticfolder/var/logs. Is there any way to increase the debug level on the SSO logs? If yes, which file should I edit, and where?

Steps I have tried to fix the problem:
I have checked my attribute mapping and gone through the metadata XML file in depth.
All the attributes that are necessary to create a new user upon first login go through to my site. CORS is set up properly in Apache.

Am I missing something special on the Azure side? I changed the NameID to send the email address instead, but I am not sure if this helps.

See attached screenshot for error:

Anyone got this working?

I got this working using advice from here: Microsoft SSO Integration - Solved

So you have to use the complete URL for attributes, as defined in the schema of the metadata XML.

For email I used this: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
For First Name I used this: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
For Last Name I used this: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
And since I tend to configure usernames as email (personal choice), I used this for Username, which is optional: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

You define these settings in the Mautic SAML SSO Settings page.
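
One way to check the attribute names entered in Mautic against what the IdP actually sends, as an added example that is not part of the original post or Mautic's code. The sample assertion, its values, and the field labels `email`, `firstname` and `lastname` are constructed for illustration; the script only reads attribute names from a captured assertion and does not validate its signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample: only the AttributeStatement of an assertion, made-up values.
SAMPLE_ASSERTION = f"""\
<saml:Assertion xmlns:saml="{SAML_NS}">
  <saml:AttributeStatement>
    <saml:Attribute Name="{CLAIMS}emailaddress">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}givenname">
      <saml:AttributeValue>Jane</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{CLAIMS}surname">
      <saml:AttributeValue>Doe</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} for every Attribute in the assertion."""
    root = ET.fromstring(xml_text)  # diagnostic use on your own captured response
    found = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        found[attr.get("Name")] = values
    return found


def check_mapping(mapping, xml_text):
    """Report, per configured field, whether its name matches an attribute verbatim.

    Returns {field: ("ok", name)} on an exact match, otherwise
    {field: ("missing", hint)} where hint is the full attribute name whose
    last path segment equals the configured short name (or None).
    """
    present = assertion_attributes(xml_text)
    report = {}
    for field, name in mapping.items():
        if name in present:
            report[field] = ("ok", name)
        else:
            hint = next((n for n in present if n.rsplit("/", 1)[-1] == name), None)
            report[field] = ("missing", hint)
    return report
```
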

@jasjitchopra would you be open to making an update to our documentation to make this clear for people in the future?

If you go to this page: Authentication — Mautic Documentation 0.1 documentation you could add a section at the bottom for Azure-specific settings.

There’s an ‘edit on GitHub’ button top right of the page which takes you directly to the page you need to edit, then you can click the pencil button to suggest changes.

Happy to help you get started if you’d like to contribute this information to help others!
