SAML Plugin Configuration


#1

Hi Team,
We are in process of configuring SAML plugin to authenticate. Also have configured the Identity provider settings.
The entityID in SPMetdata xml is entityID=“https://xxxxxxxx/piwik/index.php?module=LoginSaml&action=metadata”>

Authentication is failing because of & in entityId. How can we configure entityid in metdata xml?
Please suggest!!!


(Jason) #2

Hi,

Can you please supply any errors you are seeing and identity provider to shop@innocraft.com

Thanks


#3

Hi,
you mean Identity provider entity id, SSO service URL etc?? These data is confidential.


(Jason) #4

Hi,

No, we just need your Identity Provider such as one-login etc and error codes you are seeing. Can you please send this information to shop@innocraft.com

Thanks


#5

Hi Jason,
Ours is based on the products of ForgeRock https://www.forgerock.com/ especially on OpenAM that manage the authentication.
I dont see any error in SAML.log… except this line “Initiated the Single Sign On, Redirecting to the IdP”.
Can u please let me know if you need any other info.


(Jason) #6

You can modify the Entity ID of the SP In the advanced setting of on the SAML plugin.


#7

Hi Jason,
I have enabled debug mode and given entity ID. Still I dont see any error in SAML.log . Saml Login redirects to our authentication page with below error. Can the entity ID be an URL format or any other format???


(Jason) #8

Hi,

Can you please tell me what version of Matomo you are using at the moment?

Thanks,


#9

Hi Jason,
I have replied you through mail for this question few days back. We are using matomo 3.5.1


(Jason) #10

HI,

Sorry, we don’t seem to have received this email. Could upgrade your Matomo to the latest version, as well as the plugin?


#11

Let me check on upgrade part. But 3.5.1 is also much latest version right…


(Jason) #12

Hi,

The latest Matomo version is 3.6.0, the plugin is at 3.1.0

Thanks


#13

Hi Jason,

Saml is properly configured now with IDp settings. But SAML login gives the following error.

A fatal error occurred

Please contact the system administrator, or login to Matomo to learn more.

If you are Super User, but cannot login because of this error, you can still troubleshoot further. Follow these steps:

  1. open the config/config.ini.php file and look for the salt value under [General] .
  2. edit this current URL you are viewing and add the following text (replacing salt_value_from_config by the salt value from the config file):

index.php?i_am_super_user=salt_value_from_config&....

Invalid SAMLResponse. The status code of the Response was not Success, was Requester -> urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext

The Saml Issuer coming SAML response (in the post request) is wrong. The advanced SPentityId is set to correct value in settings.
How can this value is changed?


(Jason) #14

Hi,

Sorry for the delay in getting back to you. Can you confirm your Matomo and SAML version?

Thanks,