Our Confluence server uses the SAML plugin below for federated authentication with ADFS.
https://github.com/bitium/confluence-saml-plugin
After our administration changed the Confluence server host name, we had trouble with federated authentication. ADFS reported no exception. Confluence threw "Smal internal error".
The issue was:
The new Confluence server is internally marked as using an explicit address, like:
https://confluence.domain.com:443/
So the SAML endpoint on the configuration page is: https://confluence.domain.com:443/plugins/servlet/saml/auth
The configuration page shows no relying party identifier; we got it from the ADFS exception: "https://confluence.domain.com/confluenceSaml"
But the SAML plugin expects the accepted issuer to be "https://confluence.domain.com:443/confluenceSaml".
So here is the trick:
For a relying party trust whose identifier is in URL format, ADFS treats the address "https://confluence.domain.com:443/confluenceSaml"
and "https://confluence.domain.com/confluenceSaml"
as the same. But in the SAML plugin, these two are not the same!
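The mismatch described above can be checked before a host name change goes live. The following is an added example, not code from the plugin or from this post; it assumes the plugin builds its identifier as the Confluence base URL plus "/confluenceSaml" (inferred from the two values quoted above), and the function names are hypothetical.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}


def normalize(identifier):
    """URL-style view of an identifier: lower-case scheme and host,
    and drop a port that is only the scheme's default."""
    u = urlsplit(identifier)
    scheme = u.scheme.lower()
    host = (u.hostname or "").lower()
    if u.port is not None and u.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{u.port}"
    return f"{scheme}://{host}{u.path}"


def plugin_identifier(base_url, suffix="/confluenceSaml"):
    # Assumption: identifier = base URL + suffix, as the quoted values suggest.
    return base_url.rstrip("/") + suffix


def diagnose(base_url, adfs_identifier):
    """Compare the identifier the plugin would expect with the one in ADFS.

    'match'                 : identical strings, exact comparison succeeds
    'default-port-mismatch' : equal as URLs, but an exact string comparison
                              fails because of an explicit default port
    'different'             : not the same relying party identifier at all
    """
    expected = plugin_identifier(base_url)
    if expected == adfs_identifier:
        return "match"
    if normalize(expected) == normalize(adfs_identifier):
        return "default-port-mismatch"
    return "different"


if __name__ == "__main__":
    # Values taken from the post: base URL with explicit :443, identifier without.
    adfs_id = "https://confluence.domain.com/confluenceSaml"
    for base in ("https://confluence.domain.com:443/",
                 "https://confluence.domain.com/"):
        print(base, "->", diagnose(base, adfs_id))
```

A result of "default-port-mismatch" means the two sides must be made textually identical: either drop the explicit port from the Confluence base URL or register the identifier with the port included.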