Source: https://docs.rocket.chat/guides/administrator-guides/authentication/saml (Great Docs!!)
Setting up SAML in the UI
Getting metadata to put in simplesamlphp with domain/_saml/metadata/simplesaml/
This generated output is providing wrong urls.
I assume this is the problem, but can’t figure out how to fix it
1st line in saml20-sp-remote.php is:
"$metadata['https://rocket.my.com/_saml/metadata/simplesaml']" so it's getting the wrong URL info
The auth process works perfectly but then redirects back to localhost address
localhost:3000/home?saml_idp_credentialToken=id-gWjMQQn7bTLbvf6S9
Server Setup Information
- Version of Rocket.Chat Server: 3.4.2
- Operating System: Ubuntu 18
- Deployment Method: TAR
- Number of Running Instances: 1
- DB Replicaset Oplog:
- NodeJS Version: v12.18.3
- MongoDB Version: v4.0.19
- Proxy: Nginx
- Firewalls involved: UFW disabled
Any help / suggestion would be a big help. Can provide parsed generated meta file on request
Hello imedlin. I had the same trouble, but your information was very useful for me.
I solved this issue just now. Thanks a lot. I hope this information will help you.
My Server Setup Information:
Rocket.Chat 3.5.4 (docker) : docker env setting : ROOT_URL=[rocketchat srv]:3000/rocketchat
Apache 2.4.39 : use ProxyPass/ProxyPassReverse for SSL connection
Mongo 4.1.4 (docker), SimpleSamlPhp 1.18.7, PHP 7.3.7
SAML issuer : https://[rocketchat srv]/simplesaml/module.php/saml/sp/metadata.php/rocket-chat
- use mongo client (after this operation, [localhost:3000/home] changes)
login : mongo mongodb://[root user]@[mongo ip addr]:[mongo port]/rocketchat?authSource=admin
query : db.rocketchat_settings.update({"_id":"Site_Url"},{$set:{value:"[rocketchat srv]/rocket-chat"}})
- initial part of my metadata(simplesamlphp/metadata/saml20-sp-remote.php)
$metadata['https://[rocketchat srv]/simplesaml/module.php/saml/sp/metadata.php/rocket-chat'] = array (
  'SingleLogoutService' => array (
    0 => array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://[rocketchat ip addr]/rocket-chat/_saml/logout/rocket-chat',
    ),
  ),
  'AssertionConsumerService' => array (
    0 => array (
      'index' => 0,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'https://[rocketchat ip addr]/rocket-chat/_saml/validate/rocket-chat',
    ),
    1 => array (
      'index' => 1,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
      'Location' => 'https://[rocketchat ip addr]/rocket-chat/_saml/validate/rocket-chat',
    ),
    2 => array (
      'index' => 2,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
      'Location' => 'https://[rocketchat ip addr]/rocket-chat/_saml/validate/rocket-chat',
    ),
    3 => array (
      'index' => 3,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
      'Location' => 'https://[rocketchat ip addr]/rocket-chat/_saml/validate/rocket-chat',
    ),
  ),
  'contacts' => …
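Both posts above come down to the same symptom: the SP metadata Rocket.Chat generates at `/_saml/metadata/<provider>` carries localhost (or otherwise wrong) endpoint URLs because `Site_Url` does not match the public address, so the IdP sends the user back to `localhost:3000` after a successful login. The script below is an added example, not code from the thread or from Rocket.Chat: it parses an SP metadata document and reports every `entityID`, `SingleLogoutService` and `AssertionConsumerService` location whose scheme and host differ from the expected public origin, which is a quick way to confirm the fix after changing `Site_Url`. The embedded metadata sample, the `rocket.example.com` hostname and the `rocket-chat` provider name are constructed for illustration.

```python
"""Check a SAML SP metadata document for endpoint URLs that do not match the
public site origin (e.g. leftover http://localhost:3000 from a wrong Site_Url).
Added example for the thread above; not part of Rocket.Chat or SimpleSAMLphp."""
import sys
import urllib.request
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: what the SP metadata looks like when Site_Url still points
# at localhost:3000 for some endpoints. Hostnames and provider name are made up.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://localhost:3000/_saml/metadata/rocket-chat">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:3000/_saml/logout/rocket-chat"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://rocket.example.com/_saml/validate/rocket-chat"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def endpoint_locations(metadata_xml):
    """Return (name, URL) pairs for the entityID and every SLO/ACS endpoint."""
    root = ET.fromstring(metadata_xml)
    found = [("entityID", root.get("entityID", ""))]
    for tag in ("SingleLogoutService", "AssertionConsumerService"):
        for el in root.iter("{%s}%s" % (MD_NS, tag)):
            found.append((tag, el.get("Location", "")))
    return found


def check_sp_metadata(metadata_xml, expected_origin):
    """Return (name, URL, reason) for each endpoint whose scheme+host differs
    from expected_origin, e.g. 'https://rocket.example.com'.
    An empty list means the metadata is consistent with the public URL."""
    expected = urlsplit(expected_origin)
    problems = []
    for name, url in endpoint_locations(metadata_xml):
        parts = urlsplit(url)
        if (parts.scheme, parts.netloc) != (expected.scheme, expected.netloc):
            # Loopback hosts are the classic sign of a stale Site_Url; anything
            # else is still wrong, just flagged with a generic reason.
            if parts.hostname in ("localhost", "127.0.0.1", "::1"):
                reason = "loopback host"
            else:
                reason = "origin mismatch"
            problems.append((name, url, reason))
    return problems


def fetch_metadata(site_url, provider):
    """Download the SP metadata Rocket.Chat serves at /_saml/metadata/<provider>.
    Only used when run from the command line; the tests use the sample above."""
    url = "%s/_saml/metadata/%s" % (site_url.rstrip("/"), provider)
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Usage: python check_sp_metadata.py https://rocket.example.com rocket-chat
    # With no arguments the constructed sample is checked instead.
    if len(sys.argv) == 3:
        origin, provider = sys.argv[1], sys.argv[2]
        xml_doc = fetch_metadata(origin, provider)
    else:
        origin, xml_doc = "https://rocket.example.com", SAMPLE_METADATA
    issues = check_sp_metadata(xml_doc, origin)
    for name, url, reason in issues:
        print("%-25s %-15s %s" % (name, reason, url))
    print("OK: all endpoints match %s" % origin if not issues else "%d problem(s)" % len(issues))
```

Run it against the live server once `Site_Url` has been corrected (and the server restarted); the metadata handed to SimpleSAMLphp should produce an empty problem list, and the `$metadata[...]` key in `saml20-sp-remote.php` must equal the reported `entityID` exactly.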