I'm trying to set up fleetdm login with SAML (SSO),...
# fleet
d
I'm trying to set up fleetdm login with SAML (SSO). SSO auth passed (as per SAML trace), but the fleetdm UI is still not allowing me to get in. Any thoughts?
z
Can you open up your network inspector and look at the SAML response in the request to /api/v1/fleet/callback? It should be a big base64 encoded string. You can paste that into a SAML decoder and look at the NameID returned. Is that an email that matches an email for a user in Fleet with SSO enabled?
d
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">myname@xy.com</NameID>
Yes, it matches with my email.
z
User account in Fleet has SSO enabled?
Anything in the Fleet server logs at the time that request completes?
d
Yes, user has enabled SSO.
I enabled debug log in Fleet but it's not writing anything.
z
Do you get anything in the fleet stderr when that response comes back? Should see a log similar to this:
{"component":"http","level":"info","method":"POST","took":"7.6686ms","ts":"2022-02-03T01:21:54.3815045Z","uri":"/api/v1/fleet/sso/callback","user":"unauthenticated"}