404 Not Found on SAML AuthnRequest #13111

Open
jorhett opened this issue Feb 19, 2025 · 0 comments
Labels
bug Something isn't working

jorhett commented Feb 19, 2025

Describe the bug

We're trying to set up SAML with Ashby (who uses WorkOS). After we fill in all their options they send us a SAML test to confirm we've configured the right assertions. We get a "Not Found" screen when it does the redirect to Authentik.

To Reproduce
Steps to reproduce the behavior:

  1. Go to https://setup.workos.com/portal/***snip****/sso/session-started and fill in your SAML configuration from Authentik
  2. Click on "Try Sign-In"
  3. See "Not Found" error

Expected behavior

Authentik should respond with a SAML response indicating the schema.

Screenshots
If applicable, add screenshots to help explain your problem.

Logs

Docker logs show only a 404, with no mention of anything related to why it wasn't found

{"auth_via": "session", "domain_url": "sso.etched.com", "event": "/application/saml/ashby/sso/binding/redirect?SAMLRequest=***snip***", "host": "authentik.example.com", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 129476, "remote": "28.12.12.12", "request_id": "c8****91", "runtime": 61, "schema_name": "public", "scheme": "https", "status": 404, "timestamp":...

The AuthnReq appears valid

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_01******C" Version="2.0" IssueInstant="2025-02-18T06:38:37.870Z"
  ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  Destination="https://authentik.example.com/application/saml/ashby/sso/binding/redirect/"
  AssertionConsumerServiceURL="https://auth.workos.com/sso/saml/acs/il*******ya">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://auth.ashbyhq.com/il*******ya</saml:Issuer>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true" />
</samlp:AuthnRequest>

The ACLURL and Issuer values exactly match the values in the SAML configuration.

Version and Deployment (please complete the following information):

  • authentik version: [e.g. 2021.8.5] 2024.12.3
  • Deployment: [e.g. docker-compose, helm] podman quadlet

Additional context

This is our dozenth or so SAML setup, and we've never seen this problem before. We've tested and retested, started from scratch several times. Our best guess is that something about their AuthnRequest doesn't work for you in some way that you aren't logging.

@jorhett jorhett added the bug Something isn't working label Feb 19, 2025
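
Added example (not part of the original issue, and not authentik or WorkOS code): a diagnostic that decodes the SAMLRequest parameter of an HTTP-Redirect binding URL and compares the URL that was actually requested with the request's Destination attribute. In the excerpts above the logged path ends in /redirect while Destination ends in /redirect/, and this check reports that kind of difference. The sample request, its ID, the ACS URL and the helper names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHN_TAG = "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest"
MAX_XML = 64 * 1024  # cap on inflated size; an AuthnRequest is small

# Constructed sample shaped like the request in the issue; ID and ACS URL are placeholders.
SAMPLE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed" Version="2.0" IssueInstant="2025-02-18T06:38:37.870Z" '
    'Destination="https://authentik.example.com/application/saml/ashby/sso/binding/redirect/" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs"/>'
)

def encode_redirect(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

def decode_redirect(value):
    """Inverse of encode_redirect, with a bound on the inflated size."""
    d = zlib.decompressobj(-15)
    raw = d.decompress(base64.b64decode(value), MAX_XML)
    if d.unconsumed_tail:
        raise ValueError("SAMLRequest inflates past MAX_XML")
    # ElementTree is acceptable for requests you captured yourself;
    # use a hardened parser for untrusted input.
    return ET.fromstring(raw)

def check_request(requested_url):
    """Compare the URL the IdP was asked for with the request's Destination."""
    url = urlsplit(requested_url)
    values = parse_qs(url.query).get("SAMLRequest")
    if not values:
        return ["no SAMLRequest query parameter"]
    root = decode_redirect(values[0])
    findings = []
    if root.tag != AUTHN_TAG:
        findings.append(f"unexpected root element {root.tag}")
    dest = urlsplit(root.get("Destination", ""))
    if dest.netloc != url.netloc:
        findings.append(f"host {url.netloc!r} != Destination host {dest.netloc!r}")
    if dest.path != url.path:
        findings.append(f"path {url.path!r} != Destination path {dest.path!r}")
    return findings

def sample_url(path):
    """Constructed request URL carrying SAMPLE at the given path."""
    query = urlencode({"SAMLRequest": encode_redirect(SAMPLE)})
    return f"https://authentik.example.com{path}?{query}"
```

Pass check_request the full URL from the proxy or application log, with the SAMLRequest value unredacted; an empty list means host and path agree with Destination.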