
wkleinhenz

05/22/2021, 12:28 AM
I'm trying to set up SAML using authentik (https://goauthentik.io/), but when I click the SSO button, I get a 405 error when redirecting back to Fleet. I can't seem to find anything in the logs, but I'm not entirely sure what to look for. I have the NameID set to user Email, the ACS set correctly, and the Service Provider Binding to Redirect; using Post just puts me back at the login screen for Fleet.

zwass

05/22/2021, 12:35 AM
Anything in the Fleet server logs? Network inspector on the browser?

wkleinhenz

05/22/2021, 12:50 AM
The main error I'm seeing now is
"signature validation failed: signing verification failed: Missing signature referencing the top-level element","level":"info","method":"CallbackSSO"
which I imagine is a certificate error, as the cert I have in authentik is auto-generated. I'll need to switch it out to match my self-signed CA.

zwass

05/24/2021, 2:08 AM
The IdP metadata you put into Fleet ought to include the certificate information. Self-signed should be fine.

wkleinhenz

05/24/2021, 12:34 PM
Hm, OK, I'll have to double-check some things then.
Hm, taking another look, I seem to have everything right, now with a good cert, and I'm still getting 405 errors, but in the logs all I'm getting is logs like
{"component":"service","err":null,"level":"info","method":"InitiateSSO","took":"5.093856ms","ts":"2021-05-24T17:58:27.619676Z"}
{"component":"service","err":null,"level":"info","method":"SSOSettings","took":"1.979558ms","ts":"2021-05-24T17:58:30.933356736Z"}
{"component":"service","err":null,"level":"info","method":"SSOSettings","took":"960.833µs","ts":"2021-05-24T17:58:31.254117062Z"}
Actually, I got it working. I had to change the Service Provider Binding from Redirect to Post.