SAML Configuration: Azure AD Error

Issue Summary

We are trying to configure SAML with Azure AD. We have created a non-gallery application.

We are encountering the following error:

# Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

Technical details:

Azure AD SAML Setting
Basic SAML Configuration
Identifier (Entity ID) : (Self-Hosted-DNS).com/saml/login
Reply URL (Assertion Consumer Service URL): (Self-Hosted-DNS).com/saml/callback?org_slug=default
Sign on URL : Blank
Relay State : Blank
Logout Url : Blank

User Attributes & Claims
    givenname : user.givenname
    surname : user.surname
    emailaddress : user.mail
    name : user.userprincipalname
    Unique User Identifier : user.userprincipalname

Redash Application SAML Setting
SAML Metadata URL : (App Federation Metadata Url)
SAML Entity ID : https://sts.windows.net/(tenantID)/
SAML NameID Format : urn:oasis:names:tc:SAML:2.0:nameid-format:transient

  • Redash Version: 8.0.0 (dev)
  • Browser/OS: Ubuntu
  • How did you install Redash: Using Bitnami

Do your Redash logs give a more verbose error? The past few times I saw this error it was because the metadata XML was badly formed.

SigverError: Can't find ['xmlsec1']
[2020-07-13 15:19:27,828][PID:5429][INFO][metrics] method=GET path=/saml/login endpoint=saml_auth_sp_initiated status=500 content_type=? content_length=-1 duration=4.67 query_count=1 query_duration=0.99
[2020-07-16 10:24:41,049] ERROR in app: Exception on /saml/login [GET]
Traceback (most recent call last):
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
    return original_handler(e)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/opt/bitnami/apps/redash/htdocs/redash/authentication/saml_auth.py", line 106, in sp_initiated
    saml_client = get_saml_client(current_org)
  File "/opt/bitnami/apps/redash/htdocs/redash/authentication/saml_auth.py", line 56, in get_saml_client
    sp_config.load(saml_settings)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/config.py", line 356, in load
    self.load_complex(cnf, metadata_construction=metadata_construction)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/config.py", line 296, in load_complex
    self.load_metadata(cnf["metadata"]))
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/config.py", line 398, in load_metadata
    disable_ssl_certificate_validation=disable_validation)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/mdstore.py", line 850, in __init__
    self.security = security_context(config)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/sigver.py", line 1103, in security_context
    xmlsec_binary = get_xmlsec_binary(_path)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/saml2/sigver.py", line 203, in get_xmlsec_binary
    raise SigverError("Can't find %s" % bin_name)
SigverError: Can't find ['xmlsec1']
[2020-07-16 10:24:41,095][PID:1165][INFO][metrics] method=GET path=/saml/login endpoint=saml_auth_sp_initiated status=500 content_type=? content_length=-1 duration=152.31 query_count=1 query_duration=2.38
[2020-07-16 10:24:41,392][PID:1163][INFO][metrics] method=GET path=/favicon.ico endpoint=redash_index status=302 content_type=text/html; charset=utf-8 content_length=373 duration=0.63 query_count=0 query_duration=0.00
[2020-07-16 10:24:41,630][PID:1161][INFO][metrics] method=GET path=/login endpoint=redash_login status=200 content_type=text/html; charset=utf-8 content_length=1958 duration=102.80 query_count=1 query_duration=2.42

Can you please tell us what we should fill in for Identifier (Entity ID) in our Azure AD Basic SAML Configuration?

This means that your server doesn’t have xmlsec1 installed. That would be the next thing to investigate.

I think it’s the other way around. AzureAD should give you an entity ID which you paste into Redash.

Hi, we need to fill in this Identifier (Entity ID) on the Azure AD side.

We did install the xmlsec1 package; after that we are getting the same error.

The log is different:

[2020-07-17 05:17:35,796][PID:1507][INFO][saml2.client] destination to provider: https://login.microsoftonline.com/(Azure TenantID)/saml2
[2020-07-17 05:17:35,796][PID:1507][INFO][saml2.entity] REQUEST: <?xml version='1.0' encoding='UTF-8'?>
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://mbvtestredash.westeurope.cloudapp.azure.com/saml/callback?org_slug=default" Destination="https://login.microsoftonline.com/(Azure TenantID)/saml2" ID="id-Q43B6aCNf3tQwHSiW" IssueInstant="2020-07-17T05:17:35Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://login.microsoftonline.com/(Azure TenantID)/login</ns1:Issuer><ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /></ns0:AuthnRequest>
[2020-07-17 05:17:35,797][PID:1507][INFO][saml2.client] AuthNReq: <?xml version='1.0' encoding='UTF-8'?>
<ns0:AuthnRequest xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns1="urn:oasis:names:tc:SAML:2.0:assertion" AssertionConsumerServiceURL="https://mbvtestredash.westeurope.cloudapp.azure.com/saml/callback?org_slug=default" Destination="https://login.microsoftonline.com/(Azure TenantID)/saml2" ID="id-Q43B6aCNf3tQwHSiW" IssueInstant="2020-07-17T05:17:35Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><ns1:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://login.microsoftonline.com/(Azure TenantID)/login</ns1:Issuer><ns0:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" /></ns0:AuthnRequest>
[2020-07-17 05:17:35,797][PID:1507][INFO][saml2.entity] HTTP REDIRECT
[2020-07-17 05:17:35,797][PID:1507][INFO][metrics] method=GET path=/saml/login endpoint=saml_auth_sp_initiated status=302 content_type=text/html; charset=utf-8 content_length=1585 duration=259.09 query_count=1 query_duration=1.18
[2020-07-17 05:17:56,656][PID:1510][INFO][saml2.response] status: <?xml version='1.0' encoding='UTF-8'?>
<ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></ns0:Status>
[2020-07-17 05:17:56,686][PID:1510][INFO][saml2.response] Subject NameID: <?xml version='1.0' encoding='UTF-8'?>
<ns0:NameID xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">(Firstname.LastName)@m365x389393.onmicrosoft.com</ns0:NameID>
[2020-07-17 05:17:56,687][PID:1510][INFO][saml2.client_base] --- ADDED person info ----
[2020-07-17 05:17:56,687][PID:1510][INFO][saml2.response] Subject NameID: <?xml version='1.0' encoding='UTF-8'?>
<ns0:NameID xmlns:ns0="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">(Firstname.LastName)@m365x389393.onmicrosoft.com</ns0:NameID>
[2020-07-17 05:17:56,688] ERROR in app: Exception on /saml/callback [POST]
Traceback (most recent call last):
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1982, in wsgi_app
    response = self.full_dispatch_request()
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1614, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask_restful/__init__.py", line 271, in error_router
    return original_handler(e)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1517, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1612, in full_dispatch_request
    rv = self.dispatch_request()
  File "/opt/bitnami/apps/redash/htdocs/venv/lib/python2.7/site-packages/flask/app.py", line 1598, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/opt/bitnami/apps/redash/htdocs/redash/authentication/saml_auth.py", line 82, in idp_initiated
    name = "%s %s" % (authn_response.ava['FirstName'][0], authn_response.ava['LastName'][0])
KeyError: 'FirstName'
[2020-07-17 05:17:56,689][PID:1510][INFO][metrics] method=POST path=/saml/callback endpoint=saml_auth_idp_initiated status=500 content_type=? content_length=-1 duration=286.41 query_count=1 query_duration=1.21
[2020-07-17 05:17:57,128][PID:1508][INFO][metrics] method=GET path=/favicon.ico endpoint=redash_index status=302 content_type=text/html; charset=utf-8 content_length=373 duration=0.64 query_count=0 query_duration=0.00
[2020-07-17 05:17:57,264][PID:1507][INFO][metrics] method=GET path=/login endpoint=redash_login status=200 content_type=text/html; charset=utf-8 content_length=1958 duration=4.48 query_count=1 query_duration=1.37
[2020-07-17 05:26:25,352][PID:1509][INFO][metrics] method=GET path=/ endpoint=redash_index status=302 content_type=text/html; charset=utf-8 content_length=285 duration=0.52 query_count=0 query_duration=0.00

Hi @k4s1m, thanks for the help. We successfully integrated Azure ADFS with Redash.
SAML login is working fine :slightly_smiling_face:

Hi @hegde89, may I know what you changed to get it working?

In my case, it has something to do with the mapping of the attributes. Hopefully this helps someone.
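
The `KeyError: 'FirstName'` in the callback traceback above shows the Redash handler reading `FirstName` and `LastName` by exact key from the assertion attributes. The following is an added example, not code from Redash or from any poster in this thread: a standard-library check that lists the attribute names in a base64-encoded SAMLResponse and reports which required keys are absent or present only under a different name. The sample responses are constructed, `build_response` and `check_mapping` are hypothetical helper names, and the claims namespace is Azure AD's default claim URI prefix.

```python
import base64
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = ("FirstName", "LastName")  # keys read in the saml_auth.py traceback above
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # Azure AD default prefix


def build_response(attrs):
    """Constructed test input: a minimal unsigned assertion, base64-encoded as in HTTP-POST."""
    body = "".join(
        '<Attribute Name="%s"><AttributeValue>%s</AttributeValue></Attribute>' % (n, v)
        for n, v in attrs.items())
    xml = ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
           "<AttributeStatement>%s</AttributeStatement></Assertion>" % body)
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def attributes(saml_response_b64):
    """Decode a SAMLResponse form value and return {attribute Name: [values]}.

    Diagnostic only: no signature check, so use it on a response you captured yourself.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    return {a.get("Name"): [v.text for v in a.findall(NS + "AttributeValue")]
            for a in root.iter(NS + "Attribute")}


def check_mapping(saml_response_b64, required=REQUIRED):
    """Return {required name: 'ok' | 'rename <present name>' | 'missing'}."""
    present = attributes(saml_response_b64)
    report = {}
    for name in required:
        if name in present:
            report[name] = "ok"
            continue
        # Same claim under a namespace URI or in another case: an exact-key lookup still fails.
        near = [p for p in present if p.rsplit("/", 1)[-1].lower() == name.lower()]
        report[name] = "rename " + near[0] if near else "missing"
    return report


if __name__ == "__main__":
    samples = {
        "azure defaults": build_response({CLAIMS + "givenname": "Ada", CLAIMS + "surname": "Lovelace"}),
        "namespaced": build_response({CLAIMS + "FirstName": "Ada", CLAIMS + "LastName": "Lovelace"}),
        "exact": build_response({"FirstName": "Ada", "LastName": "Lovelace"}),
    }
    for label, resp in samples.items():
        print(label, check_mapping(resp))
```

The first sample mirrors the `givenname` / `surname` claims listed in the question, which is the case that produces the `KeyError`.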