Not sure how, but I seemed to have broken my SAML-SSO
I can run the program without saml just fine, but when I attach the DELEGATE to the zcf. It goes away.
I have gas 3.20 and gas 4.01 on the same WS2019 IIS10 box. .xcf looks like this.
gas 3.20 does not use the SAML and has the /gas application pointing to the 3.20.09 isapi.dll
gas 4.01.05 uses SAML and has a /gas4 application pointing to the 4.01.03 isapi.dll
<APPLICATION Parent="defaultgwc"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="
http://www.4js.com/ns/gas/4.01/cfextwa.xsd">
<EXECUTION>
<ENVIRONMENT_VARIABLE Id="FGLSQLDEBUG">3</ENVIRONMENT_VARIABLE>
<ENVIRONMENT_VARIABLE Id="FGLWSDEBUG">3</ENVIRONMENT_VARIABLE>
<PATH>$(res.deployment.path)/.</PATH>
<MODULE>helloWorld.42m</MODULE>
<DELEGATE service="services/SAMLServiceProvider" />
</EXECUTION>
</APPLICATION>
The SAML.log shows this.
Date: 11/18/2024 Time: 17:18:02
MSG : 3152 - [Logs] "INIT" with level='DEBUG' done
Date: 11/18/2024 Time: 17:18:02
MSGLOG : 3152 - [Server] "Main" Started
Date: 11/18/2024 Time: 17:18:02
DEBUG : 3152 - [CryptoManager] "LoadKeys" Signing
Date: 11/18/2024 Time: 17:18:02
DEBUG : 3152 - [CryptoManager] "LoadKeys" Encryption
Date: 11/18/2024 Time: 17:18:02
DEBUG : 3152 - [CryptoManager] "LoadKeys" Metadata
Date: 11/18/2024 Time: 17:18:02
MSGLOG : 3152 - [CryptoManager] "LoadKeys" Metadata: No certificate or key found
Date: 11/18/2024 Time: 17:18:02
ACCESS : 3152 - [Server] "Main" Started
Date: 11/18/2024 Time: 17:18:02
ACCESS : 3152 - [Request] "10.16.100.104" incoming request : /gas4/ws/r/services/SAMLServiceProvider/Delegate
Date: 11/18/2024 Time: 17:18:02
MSGLOG : 3152 - [SPManager] "HasAccess"
https://apps01.myserver.org/gas4/ua/r/HelloWorldDate: 11/18/2024 Time: 17:18:02
DEBUG : 3152 - [SPManager] "HasAccess" (null)
Date: 11/18/2024 Time: 17:18:02
DEBUG : 3152 - [Access] "ValidateAccessToken" (null)
Date: 11/18/2024 Time: 17:18:02
MSGLOG : 3152 - [SPManager] "StartAuthentication"
https://apps01.myserver.org/gas4/ua/r/HelloWorldDate: 11/18/2024 Time: 17:18:02
ERROR : 3152 - [Session] "CreateSession" unable to create session: crypto library function failed : openssl error: error:1E08010C:DECODER
Date: 11/18/2024 Time: 17:18:02
ERROR : 3152 - [SPManager] "StartAuthentication" Unable to create session
Date: 11/18/2024 Time: 17:18:02
ACCESS : 3152 - [Request] "10.16.100.104" response returned:
ACCESS : 3152 - [Request] "10.16.100.104" response returned:
Date: 11/18/2024 Time: 17:21:58
ERROR : 3152 - [Server] "Request" -15575
Date: 11/18/2024 Time: 17:21:58
MSGLOG : 3152 - [RelayState] "RelayState" cleanup
Date: 11/18/2024 Time: 17:21:58
SQLERR : 3152 - [Nonce] "CleanupNonce" cleanup failed sqlcode=-6372
Date: 11/18/2024 Time: 17:21:58
MSGLOG : 3152 - [Access] "CleanupAccessToken" cleanup
Date: 11/18/2024 Time: 17:21:58
MSGLOG : 3152 - [Session] "Session" cleanup
Date: 11/18/2024 Time: 17:21:58
Configuration is
xml.saml_signature.x509 = "../crt/MyApps.crt"
xml.saml_signature.key = "../crt/MyApps.key"
xml.saml_encryption.x509 = "../crt/MyApps.crt"
xml.saml_encryption.key = "../crt/MyApps.key"
xml.saml_metadata_signature.x509 = "../crt/Fourjs.crt"
xml.saml_metadata_signature.key = "../crt/Fourjs.key"
#
# IdP Trusted certificates list
#
#xml.keystore.calist = "../crt/SSOCircleCA.crt"
#
# Configuration
#
saml.entityId = "urn:genero" # Identifies the Service Provider
saml.allowUnsecure = "false" # Whether unsecured communications are allowed between IdP and SP (Not recommended)
saml.wantAssertionsSigned = "true" # Indicates whether the incoming assertion must be signed
saml.wantResponseSigned = "false" # Indicates whether the incoming response must be signed
and yes, the files are there.
Microsoft SAML shows I signed in successfully.
The openssl error seems to lead me to think my certs went bad, but they are good until 2025 on the server and 2027 at microsoft. My other thought was the folder is not readable by IIS, but the FGLDIR is readable by IIS_IUSRS.
Any help would be greatly appreciated.
Sign in for full access
Help
