jackson: SSO login is not working

Issue Summary

We tried creating a SAML app in Google Admin, followed the steps described in the tutorial https://boxyhq.com/docs/jackson/sso-providers/google, and created a SAML connection with the rawMetadata from the XML file downloaded from the Google SAML app. When we try using the SSO login, after the email and password are entered, the Google error page is shown as below:

Error: app_not_configured_for_user
Service is not configured for this user.
Request Details
idpid=xxxxxxxxxx
RelayState=boxyhq_jackson_xxxxxxxxxxxxx
SAMLRequest=xxxxxxxxxxxxxxx

The error from the SSO tracer is:

Invalid assertion. invalid signature: the signature value xxxxxxxxxxxxxxxxx is incorrect
Assertion Type: Response
SP Protocol: OAUTH 2.0

Steps to Reproduce

  1. Followed the steps as described in the tutorial https://boxyhq.com/docs/jackson/sso-providers/google
  2. Created a SAML connection with the rawMetadata from the XML file downloaded from the Google SAML app.

Technical details

  • Browser version: Chrome 123
  • Node.js version: 18

About this issue

  • State: closed
  • Created 3 months ago
  • Reactions: 1
  • Comments: 15 (8 by maintainers)

Most upvoted comments

@deepakprabhakara and @niwsa Thank you very much for releasing the fix quickly, it is working now.

You’re most welcome. Thanks for reporting it.

If you can send Aswin (to the email above) the SAML response, we can investigate.

@thekoushik Would be happy to look into the issue over a call if you are up for it. You can ping me at aswin@boxyhq.com.

app_not_configured_for_user from Google would indicate that the user has not been provisioned in Google to access the SAML app. The SSO tracer trace might be for a different login; that would normally indicate a signature mismatch. Is it from the same tenant and product as the Google connection?
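
An added example (not part of the original thread and not BoxyHQ's code) of the check the last comment points at: whether a captured SAML response really comes from the IdP in the connection's rawMetadata, by comparing the issuer and the embedded signing certificate. The XML samples, idpid values and function names are constructed for illustration, and the code does not verify the signature itself.

```javascript
// Added diagnostic sketch: NOT signature verification and not Jackson's code.
// It only checks whether a captured SAML response could have been signed by
// the IdP described in the connection's rawMetadata.

// Pull the text of every <[prefix:]name ...>text</[prefix:]name> element.
function elementTexts(xml, name) {
  const re = new RegExp(`<(?:[\\w-]+:)?${name}\\b[^>]*>([^<]*)</(?:[\\w-]+:)?${name}>`, 'g');
  return [...xml.matchAll(re)].map((m) => m[1].trim());
}

// Certificates are base64 DER; line wrapping differs between documents.
const normalizeCert = (b64) => b64.replace(/\s+/g, '');

function compareResponseToMetadata(metadataXml, responseXml) {
  const entityId = (metadataXml.match(/\bentityID="([^"]+)"/) || [])[1] || null;
  const issuer = elementTexts(responseXml, 'Issuer')[0] || null;
  const metaCerts = new Set(elementTexts(metadataXml, 'X509Certificate').map(normalizeCert));
  const respCerts = elementTexts(responseXml, 'X509Certificate').map(normalizeCert);
  return {
    issuerMatches: entityId !== null && entityId === issuer,
    // true when every cert embedded in the response is also listed in the metadata
    certMatches: respCerts.length > 0 && respCerts.every((c) => metaCerts.has(c)),
    entityId,
    issuer,
  };
}

// Constructed sample data (placeholders, not real certificates or IdP ids).
const metadata = `<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://accounts.google.com/o/saml2?idpid=EXAMPLE1">
  <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>QUFB
QkJC</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor></md:IDPSSODescriptor>
</md:EntityDescriptor>`;

const response = (idpid, cert) => `<saml2p:Response>
  <saml2:Issuer>https://accounts.google.com/o/saml2?idpid=${idpid}</saml2:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>${cert}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></ds:Signature>
</saml2p:Response>`;

console.log(compareResponseToMetadata(metadata, response('EXAMPLE1', 'QUFBQkJC')));
console.log(compareResponseToMetadata(metadata, response('EXAMPLE2', 'Q0ND')));
```

A mismatch on either field suggests the traced response belongs to a different IdP app or connection than the metadata being compared.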