#fleet

wkleinhenz

05/22/2021, 12:28 AM
I'm trying to set up SAML using authentik (https://goauthentik.io/), but when I click the SSO button, I get a 405 error when redirecting back to Fleet. I can't seem to find anything in the logs, but I'm not entirely sure what to look for. I have the NameID set to user Email, the ACS set correctly and the Service Provider Binding to Redirect; using Post just puts me back at the login screen for Fleet.
zwass

05/22/2021, 12:35 AM
Anything in the Fleet server logs? Network inspector on the browser?
wkleinhenz

05/22/2021, 12:50 AM
The main error I'm seeing now is
"signature validation failed: signing verification failed: Missing signature referencing the top-level element","level":"info","method":"CallbackSSO"
which I imagine is a certificate error, as the cert I have in authentik is auto-generated; I'll need to switch it out to match my self-signed CA.
zwass

05/24/2021, 2:08 AM
The IdP metadata you put into Fleet ought to include the certificate information. Self-signed should be fine.
wkleinhenz

05/24/2021, 12:34 PM
Hm, OK, I'll have to double-check some things then.
6:01 PM
Hm, taking another look, I seem to have everything right, now with a good cert, and I'm still getting 405 errors, but in the logs all I'm getting is logs like
{"component":"service","err":null,"level":"info","method":"InitiateSSO","took":"5.093856ms","ts":"2021-05-24T17:58:27.619676Z"}
{"component":"service","err":null,"level":"info","method":"SSOSettings","took":"1.979558ms","ts":"2021-05-24T17:58:30.933356736Z"}
{"component":"service","err":null,"level":"info","method":"SSOSettings","took":"960.833µs","ts":"2021-05-24T17:58:31.254117062Z"}
6:59 PM
Actually, I got it working; had to change the Service Provider Binding from Redirect to Post.