dram

02/02/2022, 11:52 PM
I'm trying to set up fleetdm login with SAML (SSO). SSO auth passed (as per SAML trace) but the fleetdm UI is still not allowing me to get in. Any thoughts?
zwass

02/03/2022, 12:08 AM
Can you open up your network inspector and look at the SAML response in the request to /api/v1/fleet/callback? It should be a big base64 encoded string. You can paste that into a SAML decoder and look at the NameID returned. Is that an email that matches an email for a user in Fleet with SSO enabled?
dram

02/03/2022, 12:21 AM
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">myname@xy.com</NameID>
Yes, it matches my email.
zwass

02/03/2022, 12:42 AM
User account in Fleet has SSO enabled?
Anything in the Fleet server logs at the time that request completes?
dram

02/03/2022, 12:58 AM
Yes, user has enabled SSO.
I enabled debug log in Fleet but it's not writing anything.
zwass

02/03/2022, 1:29 AM
Do you get anything in the fleet stderr when that response comes back? Should see a log similar to this:
{"component":"http","level":"info","method":"POST","took":"7.6686ms","ts":"2022-02-03T01:21:54.3815045Z","uri":"/api/v1/fleet/sso/callback","user":"unauthenticated"}