FusionAuth

    Latest posts made by janakapdj

    • RE: SAML + Auth2 SSO not working

      Hi @dan

      If you require any more details or can give some suggestions, kindly let me know. I am still unable to figure out what is causing the error here.

      posted in Q&A
      janakapdj
    • RE: SAML + Auth2 SSO not working

      Hi @dan
      Thank you very much for your reply.

      "But you expect the user to be sent to the Sisense app because they should have been signed on automatically. Is that correct?"
      Yes, expecting to sign on automatically and redirect to the Sisense app

      Hostnames

      Fusion-auth
      Host: http://10.197.65.10:8080

      ReactApp
      Host: https://staging-portal.mydomain.co.uk
      Authorized URL: https://staging-portal.mydomain.co.uk/Authenticated

      Sisense

      Host: http://10.197.60.25:8081
      Authorized Redirect URL: http://10.197.60.25:8081/api/v1/authentication/login_saml_callback/

      "Can you confirm both applications are web applications?" Yes, both are web applications.

      "Are there any messages on the devtools console" Yes, when redirecting to the FA login screen the errors below show on the console:

      LocaleSelect.js?version=1.26.1:16 Uncaught TypeError: element.addEventListener is not a function
      at new FusionAuth.OAuth2.LocaleSelect (LocaleSelect.js?version=1.26.1:16)
      at authorize?client_id=c6bcfb81-7387-4448-92fe-979fbc183864&response_type=code&redirect_uri=https://staging-portal.appdev.bluechipdomain.co.uk/Authenticated:437
      at HTMLDocument.value (prime-min-1.4.1.js?version=1.26.1:4)

      LocaleSelect.js?version=1.26.1:16 Uncaught TypeError: element.addEventListener is not a function
      at new FusionAuth.OAuth2.LocaleSelect (LocaleSelect.js?version=1.26.1:16)
      at authorize?client_id=076e4363-b470-40df-9ed8-97a41ce1d10c&redirect_uri=%2Fsamlv2%2Fcallback%2F998aa744-18a5-42b9-0dfe-e11f73d68a41&response_type=code&state=eyJhY3MiOiJodHRwOi8vMTAuMTk3LjU1Ljk1OjgwODEvYXBpL3YxL2F1dGhlbnRpY2F0aW9uL2xvZ2luX3NhbWxfY2FsbGJhY2siLCJhaSI6IjA3NmU0MzYzLWI0NzAtNDBkZi05ZWQ4LTk3YTQxY2UxZDEwYyIsImlkIjoiX2VmM2MyYjU0Y2I4Zjg3YTgxNjczIiwicnMiOiIvIn0%3D:437
      at HTMLDocument.value (prime-min-1.4.1.js?version=1.26.1:4)

      "You can log in to each application separately" Yes, and they redirect back as defined (Sisense to Sisense and web app to web app).

      posted in Q&A
      janakapdj
    • RE: SAML + Auth2 SSO not working

      @janakapdj

      URLs redirecting to login screens
      Auth2:
      https://staging-portal.mydomain.co.uk/oauth2/authorize?client_id=c6bcfb81-7387-4448-979fbc183864&response_type=code&redirect_uri=https://staging-portal.mydomain.co.uk/Authenticated

      SAML
      http://10.197.65.10:8080/oauth2/authorize?client_id=076e4363-b470-9ed8-97a41ce1d10c&redirect_uri=%2Fsamlv2%2Fcallback%2F998aa744-18a5-42b9-0dfe-e11f73d68a41&response_type=code&state=eyJhY3MiOiJodHRwOi8vMTAuMTk3LjU1Ljk1OjgwODEvYXBpL3YxL2F1dGhlbnRpY2F0aW9uL2xvZ2luX3NhbWxfY2FsbGJhY2siLCJhaSI6IjA3NmU0MzYzLWI0NzAtNDBkZi05ZWQ4LTk3YTQxY2UxZDEwYyIsImlkIjoiX2MxOGM4NTNiYzUyNTI3N2IxNWJkIiwicnMiOiIvIn0%3D

      posted in Q&A
      janakapdj
    • RE: SAML + Auth2 SSO not working

      @janakapdj
      Hope these also help to give some suggestions.
      Log when authenticated with Auth2:

      OAuth2 exchange authorization code debug log for [BlueChip] with clientId [c6bcfb81-7387-4448-92fe-979fbc183864].

      10/1/2021 04:08:16 AM GMT Validate the provided authorization code [Oo4TyOqTFjLro1C9UlAfR1a3CTsmClP-beOdKP58w8w].
      10/1/2021 04:08:16 AM GMT PKCE not utilized on this request.
      10/1/2021 04:08:16 AM GMT No scopes requested.
      10/1/2021 04:08:16 AM GMT Ensure the provided request parameters match those provided the authorization request.
      10/1/2021 04:08:16 AM GMT User is registered for application with Id [c6bcfb81-7387-4448-92fe-979fbc183864] the [roles] and [applicationId] claims will be added.
      10/1/2021 04:08:16 AM GMT The authorization code has been successfully exchanged for an access token.

      SAML request
      Incoming SAML v2 AuthnRequest.

      Binding:
      urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect

      Deflated and encoded request:

      Decoded XML request:
      <?xml version="1.0" encoding="UTF-8"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_e7160c1b1f80aed1df0f" Version="2.0" IssueInstant="2021-10-01T04:13:20.137Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="http://10.197.60.25:8081/api/v1/authentication/login_saml_callback/" Destination="http://10.197.65.10:8080/samlv2/login/998aa744-18a5-42b9-0dfe-e11f73d68a41">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">Sisense</saml:Issuer>
      <samlp:NameIDPolicy xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" AllowCreate="true"/>
      <samlp:RequestedAuthnContext xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Comparison="exact">
      <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
      </samlp:RequestedAuthnContext>
      </samlp:AuthnRequest>

      posted in Q&A
      janakapdj
    • SAML + Auth2 SSO not working

      Hi,
      I am working on implementing SSO with different authentication methods:
      React Js application with Auth2
      Sisense with SAML
      I have followed the instructions given in https://fusionauth.io/blog/2021/02/09/single-sign-on-sso-with-fusionauth/
      Both applications authenticate individually and redirect back as expected, but SSO does not work as expected (when the user has logged in and been authenticated by one application, he/she should be able to access the other one without authenticating).
      The SSO timeout is also set to 10 hours in the tenant.
      Can someone help with this and give a suggestion?

      I have attached configurations for both applications
      web.PNG user.PNG sisense.PNG

      posted in Q&A
      janakapdj