redash: [saml] Signature missing for assertion

Issue Summary

I want to configure Redash to use Keycloak as the SAML backend. I can now be redirected to the Keycloak login page and log in successfully, but when Keycloak redirects back to Redash, I get the error message below:

[2018-10-17 11:49:22,787][PID:21][INFO][saml2.response] status: <?xml version='1.0' encoding='UTF-8'?>
<ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status>
[2018-10-17 11:49:22,788][PID:21][ERROR][saml2.client_base] XML parse error: Signature missing for assertion
[2018-10-17 11:49:22,788][PID:21][ERROR][saml_auth] Failed to parse SAML response
Traceback (most recent call last):
  File "/app/redash/authentication/saml_auth.py", line 73, in idp_initiated
    entity.BINDING_HTTP_POST)
  File "/usr/local/lib/python2.7/dist-packages/saml2/client_base.py", line 702, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/saml2/entity.py", line 1170, in _parse_response
    response = response.verify(keys)
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 1018, in verify
    if self.parse_assertion(keys):
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 930, in parse_assertion
    if not self._assertion(assertion, False):
  File "/usr/local/lib/python2.7/dist-packages/saml2/response.py", line 781, in _assertion
    raise SignatureError("Signature missing for assertion")
SignatureError: Signature missing for assertion

My SAML config looks something like this:

SAML Metadata URL

http://xxx.xxx.xxx.xxx/auth/realms/somerelm/protocol/saml/descriptor

SAML Entity ID

redash

SAML NameID Format

urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Steps to Reproduce

  1. First, install the latest Redash from Docker Compose
  2. Configure it like the config above

Technical details:

  • Redash Version: 5.0.0+b4754
  • Browser/OS: Chrome
  • How did you install Redash: Docker Compose

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 15 (2 by maintainers)

Most upvoted comments

@thiagodiogo Of course!

First, you should make sure to keep your SAML enabled, and fill it in with these values:

SAML Metadata URL http://your.domain.com/auth/realms/${realmid}/protocol/saml/descriptor

SAML Entity ID redash

SAML NameID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Second, add a client named redash in Keycloak with the configuration below: [5 images]

That’s all!

@arikfr I’ve submitted a PR with this documentation improvement, https://github.com/getredash/website/pull/567, and I restyled the doc as specified by the Restyled.io bot. Could you please take a look? Thanks in advance.