Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1519310 - CloudForms SAML/SSO fails - The requested URL /saml2 was not found on this server
Summary: CloudForms SAML/SSO fails - The requested URL /saml2 was not found on this se...
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: 5.9.0
Assignee: Dayle Parker
QA Contact: Chris Budzilowicz
Depends On:
TreeView+ depends on / blocked
Reported: 2017-11-30 15:12 UTC by ncatling
Modified: 2017-12-08 02:20 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Doc should be updated
Clone Of:
Last Closed: 2017-12-08 02:20:35 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:

Attachments (Terms of Use)

Description ncatling 2017-11-30 15:12:33 UTC
Description of problem:

Following the documented [1] implementation of CloudForms SSO using IPA and RH SSO, attempting to log in fails, producing this error in the UI instead:

Not Found
The requested URL /saml2 was not found on this server.

[1] Section, “Configuring External Authentication Using SAML”

Removing the 'Master SAML Processing URL' value from the SSO client configuration resolved the problem.

Version-Release number of selected component (if applicable):
IPA : version: 4.5.0
SSO: Server Version  7.1.3.GA

How reproducible:

Steps to Reproduce:
1. Implement as per documented procedure [1]
2. Attempt log in to CF appliance UI

Actual results:

Error above appears.

Expected results:

Successful log in.

Additional info:

This may simply be a documentation error.

Comment 2 Joe Vlcek 2017-11-30 15:26:57 UTC
Hey Nik.

Please confirm my understanding of the issue. The BZ seems to indicate that by removing the Master SAML Processing URL value from the SSO client configuration the issue is resolved. So my understanding is that the documentation may simply need to be updated to suggest removing the Master SAML Processing URL value from the SSO client configuration. Is that correct?

Thank you! JoeV

Comment 4 ncatling 2017-12-01 10:45:40 UTC
Hi Joe - agreed, this does simply seem to be a documentation bug for downstream (CloudForms).

Comment 5 Andrew Dahms 2017-12-04 00:15:02 UTC
Assigning to Dayle for review.

Dayle - see the above for what should be a simple fix to an issue a customer ran into when setting up authentication.

Comment 6 Dayle Parker 2017-12-06 02:30:20 UTC
Hi Chris,

I've removed the  "Master SAML Processing URL" line from the table in the procedure under the heading "Configuring the HTTP Server for SAML", which looks like all that is needed for this particular bug.

Would you mind reviewing please? Let me know if you think anything else is needed to be clear.

[@Prasad, if you have other docs fixes needed for the attached case, please let us know of any related BZs.]

Thank you,

Comment 9 Prasad Mukhedkar 2017-12-06 07:30:39 UTC
Dayle, ack! will open new BZ with my findings soon.

Comment 11 Dayle Parker 2017-12-08 02:20:35 UTC
Thank you Chris! I've also backported this to the gaprindshvili and fine branches in (merged) and PR #608.

The 4.5 General Configuration guide now includes this change in " Configuring External Authentication Using SAML":

Note You need to log in before you can comment on or make changes to this bug.