Mautic Community Forums

Trouble With SAML

I am trying to configure Auth0’s SAML provider with a fresh Mautic installation. I was able to get them connected through to where I can access Mautic, it redirects me to the SAML provider, I log in (successfully according to IDP logs) and then am redirected back to Mautic’s http://my-domain.com/s/saml/login_check.

However, once I am redirected back after successfully being authenticated, I am taken to the regular Mautic login screen and given the message “Invalid login. Please verify credentials”. This seems to happen for both users that are already within Mautic’s internal user database, or for new users that are only authenticated through the external IDP.

There are no messages in Mautic’s logs either.

Any suggestions on where to look would be appreciated!

Eric

Same problem here, except IDP in my case is Shibboleth 3.3.1. Would love to be able to turn up any debugging messages to try to see what’s going on. I think I’ve done the proper attribute mapping, but still “Invalid login. Please verify credentials.”

Figured out how to turn on debug. (put 'debug' => 1 in app/config/local.php)

Now debugging logs appear in app/logs/prod-DATE.php

I can now see the assertion coming from the IDP, and it has a good signature according to lightSAML, but:

[2017-04-05 20:04:52] app.WARNING: Request state "_a72e06d992c3bfe63ac3612dd8d4024ba7965c2258" does not exist {"profile_id":"sso_sp_receive_response","own_role":"sp","action":"LightSaml\Action\Profile\FlushRequestStatesAction","top_context_id":"0000000060ec08af000000000693f461"} []
[2017-04-05 20:04:52] security.INFO: Authentication request failed. {"exception":"[object] (Symfony\Component\Security\Core\Exception\BadCredentialsException(code: 0): User does not include required fields. at /users/j/t/jtl/mautic.jtl.w3.uvm.edu-root/app/bundles/UserBundle/Security/User/UserCreator.php:88)"} []

I wonder what are the required fields? Here are the relevant bits from settings/local.php:

'saml_idp_own_password' => null,
'saml_idp_email_attribute' => 'mail',
'saml_idp_username_attribute' => null,
'saml_idp_firstname_attribute' => 'givenName',
'saml_idp_lastname_attribute' => 'uvmEduSurname',
'saml_idp_default_role' => 1,

Forgot to mention, this is Mautic v2.7.1

Looking at UserCreator.php it’s not getting any of the required fields … The code is trying to call $user->getUsername, or $user->getEmail, or one of the other required fields, but not getting a result.

Unfortunately I don’t have enough PHP/Symfony experience to take this much further right now. Any advice welcome.
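
One way to check whether the attribute names configured in local.php actually appear in the assertion the IdP sends, as an added example that is not part of the original thread and is not Mautic's or LightSAML's code. The sample assertion is constructed, `check_mapping` is a hypothetical helper, and the example assumes the SP looks attributes up by their `Name` value, so a mapping that matches only a `FriendlyName` is reported separately.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Mapping copied from the local.php excerpt in the thread (PHP null -> None).
MAPPING = {
    "saml_idp_email_attribute": "mail",
    "saml_idp_username_attribute": None,
    "saml_idp_firstname_attribute": "givenName",
    "saml_idp_lastname_attribute": "uvmEduSurname",
}

# Constructed sample (not from the thread): attributes released under
# urn:oid Name values, with the short name only in FriendlyName.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
      <saml:AttributeValue>user@example.org</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.42" FriendlyName="givenName">
      <saml:AttributeValue>Sample</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_mapping(assertion_xml, mapping):
    """Return {config_key: 'name' | 'friendly_name_only' | 'missing' | 'unset'}."""
    root = ET.fromstring(assertion_xml)
    names, friendly = set(), set()
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = attr.findall("saml:AttributeValue", SAML_NS)
        # An attribute with no non-empty value cannot fill a user field.
        if not any(v.text and v.text.strip() for v in values):
            continue
        names.add(attr.get("Name"))
        friendly.add(attr.get("FriendlyName"))
    result = {}
    for key, wanted in mapping.items():
        if wanted is None:
            result[key] = "unset"
        elif wanted in names:
            result[key] = "name"
        elif wanted in friendly:
            result[key] = "friendly_name_only"
        else:
            result[key] = "missing"
    return result

if __name__ == "__main__":
    for key, status in check_mapping(SAMPLE_ASSERTION, MAPPING).items():
        print(f"{key}: {status}")
```

Run it against the decoded assertion from the debug log rather than the sample; any key not reported as `name` is a candidate for the field the log says is missing.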

I am having the same issue. I tried debugging the code. But couldn’t find the problem/solution yet.

Has anyone found a solution yet?

Thanks
Anoop