After our upgrade from 8 to 10, our SAML configuration stopped working.
redash-server-1 | [2022-11-29 15:28:40,565][PID:10][ERROR][saml2.client_base] SAML status error: Unsuccessful operation: <ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" /></ns0:StatusCode></ns0:Status>
redash-server-1 | urn:oasis:names:tc:SAML:2.0:status:RequestDenied from urn:oasis:names:tc:SAML:2.0:status:RequestDenied
redash-server-1 | [2022-11-29 15:28:40,565][PID:10][ERROR][saml_auth] Failed to parse SAML response
redash-server-1 | Traceback (most recent call last):
redash-server-1 |   File "/app/redash/authentication/saml_auth.py", line 108, in idp_initiated
redash-server-1 |     request.form["SAMLResponse"], entity.BINDING_HTTP_POST
redash-server-1 |   File "/usr/local/lib/python3.7/site-packages/saml2/client_base.py", line 711, in parse_authn_request_response
redash-server-1 |     binding, **kwargs)
redash-server-1 |   File "/usr/local/lib/python3.7/site-packages/saml2/entity.py", line 1195, in _parse_response
redash-server-1 |     response = response.verify(keys)
redash-server-1 |   File "/usr/local/lib/python3.7/site-packages/saml2/response.py", line 1038, in verify
redash-server-1 |     res = self._verify()
redash-server-1 |   File "/usr/local/lib/python3.7/site-packages/saml2/response.py", line 414, in _verify
redash-server-1 |     assert self.status_ok()
redash-server-1 |   File "/usr/local/lib/python3.7/site-packages/saml2/response.py", line 377, in status_ok
redash-server-1 |     raise err_cls(msg)
redash-server-1 | saml2.response.StatusRequestDenied: Unsuccessful operation: <ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied" /></ns0:StatusCode></ns0:Status>
redash-server-1 | urn:oasis:names:tc:SAML:2.0:status:RequestDenied from urn:oasis:names:tc:SAML:2.0:status:RequestDenied
redash-server-1 | [2022-11-29 15:28:40,566][PID:10][INFO][metrics] method=POST path=/saml/callback endpoint=saml_auth_idp_initiated status=302 content_type=text/html; charset=utf-8 content_length=219 duration=105.40 query_count=1 query_duration=1.15
Our config:
metadata url: https://########/FederationMetadata/2007-06/FederationMetadata.xml
entity id: https://########/saml/callback?org_slug=default
saml nameid format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Anyone else experience a similar problem?
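
The traceback above ends in pysaml2's status check, which raised because the response carried a non-success Status. As an added example (not code from the post, Redash or pysaml2), this reads the StatusCode chain and optional StatusMessage from a base64 SAMLResponse as posted to /saml/callback; the sample response is constructed and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Top-level status codes defined by SAML 2.0 Core, section 3.2.2.2.
TOP_LEVEL = {
    "Success": "request succeeded",
    "Requester": "error attributed to the requester (the SP)",
    "Responder": "error on the side of the responder (the IdP)",
    "VersionMismatch": "SAML version of the request not supported",
}

def status_chain(saml_response_b64):
    """Return (codes, message): nested StatusCode values, outermost first,
    with the status prefix stripped, plus the optional StatusMessage."""
    # Diagnostic use on a response you captured yourself; for untrusted
    # input use a hardened parser such as defusedxml.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status", NS)
    if status is None:
        raise ValueError("no samlp:Status element in response")
    codes = []
    node = status.find("samlp:StatusCode", NS)
    while node is not None:
        codes.append(node.get("Value", "").replace(PREFIX, ""))
        node = node.find("samlp:StatusCode", NS)
    return codes, status.findtext("samlp:StatusMessage", None, NS)

def explain(codes):
    """One-line reading of a status chain."""
    if not codes:
        return "no StatusCode present"
    top = TOP_LEVEL.get(codes[0], "unknown top-level code")
    return " > ".join(codes) + ": " + top

# Constructed sample carrying the same Status as the log above.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2022-11-29T15:28:40Z">'
    '<samlp:Status><samlp:StatusCode Value="' + PREFIX + 'Responder">'
    '<samlp:StatusCode Value="' + PREFIX + 'RequestDenied"/>'
    '</samlp:StatusCode></samlp:Status></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    codes, message = status_chain(SAMPLE_B64)
    print(explain(codes), "| StatusMessage:", message)
```

A `Responder` top-level code with no StatusMessage means the reason for the denial is recorded only on the IdP side, so its event log is the next place to look.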