SAML no longer works after upgrade 20220106-001
Introduction
With release 20230106-001, a restructure of simplesamlphp and its location made it necessary to move the library location inside of SimpleRisk. As a result, IDP redirects now point to the wrong location. This FAQ serves to help users correct this issue.
How To Fix
The easiest way to resolve this issue is to go to the "Configure" menu at the top, followed by "Extras" on the left. Go to the Custom Authentication configuration page by clicking the "Yes" next to it. Now find the SAML tab and click the Download SAML Metadata link near the top. Import this file into the IDP and disable or remove the old entry. If you use ADFS or have made custom rules, be sure that they are accounted for or recreated.
For reference, these are the new URLs; however, updating them alone without updating the metadata more than likely will not work. An example of the new location URLs can be found below:
Single Sign On URL: https://your_simplerisk_domain/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp
Recipient URL: https://your_simplerisk_domain/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp
Destination URL: https://your_simplerisk_domain/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/default-sp
Audience URI (SP Entity ID): https://your_simplerisk_domain/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp/metadata.php/default-sp
Default Relay State: https://your_simplerisk_domain/your_simplerisk_path/extras/authentication/login.php
The default relay state, if in use, likely will not need to be updated.
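To confirm that a downloaded metadata file carries the new locations before importing it into the IDP, a check along these lines can be used. This is an added example, not SimpleRisk code: the domain simplerisk.example.com, the function names and the sample metadata are constructed for illustration, and it assumes the ACS endpoint is advertised with the HTTP-POST binding.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# SP path listed in this FAQ for the restructured simplesamlphp location.
SP_BASE = "/vendor/simplesamlphp/simplesamlphp/www/module.php/saml/sp"

def expected_urls(domain, sp="default-sp"):
    """Build the Audience URI and ACS URL the IDP entry should contain."""
    base = f"https://{domain}{SP_BASE}"
    return {"entity_id": f"{base}/metadata.php/{sp}",
            "acs": f"{base}/saml2-acs.php/{sp}"}

def check_metadata(xml_text, domain):
    """Return a list of mismatches; an empty list means the file is current."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs so no entities get expanded
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    want, problems = expected_urls(domain), []
    if root.get("entityID") != want["entity_id"]:
        problems.append(f"entityID is {root.get('entityID')!r}")
    acs = [e.get("Location")
           for e in root.iter(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    if want["acs"] not in acs:
        problems.append(f"HTTP-POST ACS locations are {acs!r}")
    return problems

def sample_metadata(prefix):
    """Constructed SP metadata for illustration (not a real download)."""
    return (f'<md:EntityDescriptor xmlns:md="{MD}" '
            f'entityID="{prefix}/metadata.php/default-sp">'
            '<md:SPSSODescriptor protocolSupportEnumeration='
            '"urn:oasis:names:tc:SAML:2.0:protocol">'
            f'<md:AssertionConsumerService Binding="{POST}" '
            f'Location="{prefix}/saml2-acs.php/default-sp" index="0"/>'
            '</md:SPSSODescriptor></md:EntityDescriptor>')

if __name__ == "__main__":
    host = "simplerisk.example.com"  # placeholder domain
    current = sample_metadata(f"https://{host}{SP_BASE}")
    stale = sample_metadata(f"https://{host}/stale/placeholder/path")
    print("current:", check_metadata(current, host) or "OK")
    print("stale:  ", check_metadata(stale, host))
```

To check a real file, read it as text and pass its contents together with your own SimpleRisk domain to check_metadata.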
Summary
Once you have updated these values in the IDP, you should be able to log in via SAML once again. If you have continued issues after updating, please contact us at support@simplerisk.com