Help debugging issue with SAML

Description

Hello! I was hoping for some help debugging an issue I have with SAML and Rocket.chat. We have successfully been using Rocket.chat with SAML ( Duo DAG ) for SSO on our server for several months with tremendous success. But yesterday I noticed a problem when a new user attempts to log in. When they click on the SAML Login button, they are redirected to the Duo DAG Idp. After successfully authenticating, they are redirected back to the Rocket.chat server, but they are presented again with the SAML Login button. Existing users have no issue logging in.

I enabled SAML debugging on RC, and I can see the data being returned from the Idp, which all looks correct. All the expected fields are populated with valid data. I see no obvious error, but I do see this message.

I20200206-11:24:20.155(0) Meteor ➔ method public-settings/get -> userId: null, arguments: [{}]

Now, if I go into RC and manually create the account before SAML uses it, then everything works splendidly.

If it matters, the Rocket.chat server does not have access to AD.

Any pointers on where to look?

Thank you!

Warren.

Server Setup Information

  • Version of Rocket.Chat Server: 2.4.5
  • Operating System: Centos 7
  • Deployment Method: tar
  • Number of Running Instances: 1
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version:
  • Proxy: nginx
  • Firewalls involved:

I also have this problem, but with Rocket.Chat Server 3.0.7, on CentOS 8, authenticating SAML against ADFS 4.0.

In my case I set up a new clean instance which worked against my Duo Security DAG. I then looked at each option on my live system, comparing and adjusting one by one to match the default until I found the cause of the issue.
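The post above describes a differential approach: stand up a clean instance that works, then compare the live instance's settings against it one by one. The script below automates that comparison. It is an added example, not code from the thread or from the Rocket.Chat project. It assumes each settings dump is a list of objects with an `_id` and a `value` (the shape the Rocket.Chat REST settings endpoint is assumed to return); the two dumps and every setting id and value in them are constructed sample data for illustration, not a real export, and the prefixes to compare are a parameter.

```python
"""Report SAML- and account-related settings that differ between a
known-good Rocket.Chat instance and a misbehaving one.

Added example (not from the forum thread or the Rocket.Chat project).
Assumption: a settings dump is a list of {"_id": ..., "value": ...}
objects. Both dumps below are constructed sample data.
"""
from typing import Any, Dict, Iterable, List, Tuple

ABSENT = "<absent>"  # marker for a key present in only one dump

# Constructed sample: export from the clean instance that works.
GOOD: List[Dict[str, Any]] = [
    {"_id": "SAML_Custom_Default", "value": True},
    {"_id": "SAML_Custom_Default_provider", "value": "duo"},
    {"_id": "SAML_Custom_Default_generate_username", "value": False},
    {"_id": "SAML_Custom_Default_username_field", "value": "username"},
    {"_id": "SAML_Custom_Default_email_field", "value": "email"},
    {"_id": "Accounts_RegistrationForm", "value": "Public"},
    {"_id": "Site_Name", "value": "Clean test instance"},
]

# Constructed sample: export from the live instance where new users bounce
# back to the login button. Note the key that exists only here.
LIVE: List[Dict[str, Any]] = [
    {"_id": "SAML_Custom_Default", "value": True},
    {"_id": "SAML_Custom_Default_provider", "value": "duo"},
    {"_id": "SAML_Custom_Default_generate_username", "value": True},
    {"_id": "SAML_Custom_Default_username_field", "value": "uid"},
    {"_id": "SAML_Custom_Default_email_field", "value": "email"},
    {"_id": "SAML_Custom_Default_debug", "value": True},
    {"_id": "Accounts_RegistrationForm", "value": "Disabled"},
    {"_id": "Site_Name", "value": "Production chat"},
]


def index_settings(dump: Iterable[Dict[str, Any]]) -> Dict[str, Any]:
    """Turn a settings dump into an {_id: value} map."""
    return {s["_id"]: s.get("value") for s in dump}


def diff_settings(
    good: Iterable[Dict[str, Any]],
    live: Iterable[Dict[str, Any]],
    prefixes: Tuple[str, ...] = ("SAML_", "Accounts_"),
) -> Dict[str, Tuple[Any, Any]]:
    """Return {key: (good_value, live_value)} for every key under one of
    the given prefixes whose value differs, or which only one side has.
    Keys outside the prefixes (e.g. Site_Name) are ignored as noise."""
    g, l = index_settings(good), index_settings(live)
    candidates = {k for k in g.keys() | l.keys() if k.startswith(prefixes)}
    differences: Dict[str, Tuple[Any, Any]] = {}
    for key in sorted(candidates):
        gv, lv = g.get(key, ABSENT), l.get(key, ABSENT)
        if gv != lv:
            differences[key] = (gv, lv)
    return differences


def format_report(differences: Dict[str, Tuple[Any, Any]]) -> str:
    """Render the differences as one line per key, in a fixed order, so the
    output can be worked through top to bottom while reverting one setting
    at a time on the live system."""
    if not differences:
        return "no differences in the selected prefixes"
    width = max(len(k) for k in differences)
    return "\n".join(
        f"{k.ljust(width)}  good={gv!r:<12} live={lv!r}"
        for k, (gv, lv) in differences.items()
    )


if __name__ == "__main__":
    print(format_report(diff_settings(GOOD, LIVE)))
```

Feed it two real exports (one from the clean instance, one from the live one) instead of the constructed lists and it prints only the keys worth touching; change each listed key on the live system back to the known-good value one at a time, retesting a fresh-user login after each change, which is exactly the elimination the post describes.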

Can you share the cause that you found? My system has never worked (I just set it up), so I'd be interested to know what changes fixed your issue.