Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure SSO Not Working . #224

Open
samagarw opened this issue Jul 5, 2022 · 4 comments
Open

Azure SSO Not Working . #224

samagarw opened this issue Jul 5, 2022 · 4 comments
Assignees
@miracle8484
Labels
Check: BackEnd

Comments

@samagarw
Copy link

samagarw commented Jul 5, 2022
edited
Loading

Issue while setting up the SAML integration with Azure .

Getting Authorization Denied with following logs :

2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/sso/login/'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/epam/'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/info'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/health'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/api-docs/'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/saml/'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/error'; against '/templates/**'
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /error; Attributes: [authenticated]
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@5db26b6c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: x.x.x.x ; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2022-07-05 10:07:11.299 DEBUG 1 --- [nio-9999-exec-8] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@41eb7cb5, returned: -1
2022-07-05 10:07:11.300 DEBUG 1 --- [nio-9999-exec-8] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point

org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:158) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108) ~[spring-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:113) ~[spring-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.web.filter.CompositeFilter.doFilter(CompositeFilter.java:74) ~[spring-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.4.RELEASE.jar!/:5.2.4.RELEASE]

I am getting Authorization successful with the same role for other users ( Admin AND Custom Users )

2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/health'; against '/epam/**'
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/health'; against '/info'
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/health'; against '/health'
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /health; Attributes: [permitAll]
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@5dc51b5a: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffffa64e: RemoteIpAddress: 10.213.0.68; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@41eb7cb5, returned: 1
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2022-07-05 10:53:02.143 DEBUG 1 --- [nio-9999-exec-5] o.s.security.web.FilterChainProxy : /health reached end of additional filter chain;

I have followed the https://reportportal.io/docs/Azure-SAML-Integration .
@ASaiAnudeep
Copy link

@Yumfriez I'm also facing the same issue. Authentication at Azure AD is being recorded as successful but in the logs of ReportPortal it is being showed as Forbidden.

@babantax
Copy link

babantax commented Nov 2, 2022

Good morning
I´m facing the same issue. Did you find any solution @samagarw @ASaiAnudeep ?

@ASaiAnudeep
Copy link

We need to upgrade to the latest community edition. It started working when entire browsing data is cleared in the chrome browser.

@miracle8484
Copy link
Contributor

Helllo, @samagarw is problem still reproducing?

@miracle8484 miracle8484 self-assigned this Jan 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@miracle8484 miracle8484

Labels
Check: BackEnd
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@samagarw @ASaiAnudeep @babantax @miracle8484