
SAML Issue with OKTA

Open mcalibur opened this issue 2 years ago • 5 comments

Debug mode

Describe the bug

Hello, so I've tried to set up SAML for Okta. I followed all the steps needed (https://snipe-it.readme.io/docs/saml).

The NameID sent in the SAML assertion is the same as the username of the test user created on the Snipe-IT tenant. But unfortunately, I still have the error "Error There was a problem while trying to log you in, please try again.".

I've run a SAML tracer to confirm that everything's good. I tried to log in using the "login via SAML" option. In the SAML settings on Snipe-IT, everything is set as written in the procedure.

Reproduction steps

Set up SAML on Okta, assign the app, launch it: error!

Expected behavior

SAML should work as intended.

Screenshots

Capture d’écran 2023-03-13 à 14 43 59

Snipe-IT Version

v6.0.14 build 9236 (g05a3f20d5)

Operating System

macOS

Web Server

None

PHP Version

8.0.27

Operating System

No response

Browser

No response

Version

No response

Device

No response

Operating System

No response

Browser

No response

Version

No response

Error messages

No response

Additional context

No response

mcalibur avatar Mar 13 '23 13:03 mcalibur

👋 Thanks for opening your first issue here! If you're reporting a 🐞 bug, please make sure you include steps to reproduce it. We get a lot of issues on this repo, so please be patient and we will get back to you as soon as we can.

welcome[bot] avatar Mar 13 '23 13:03 welcome[bot]

+1, also getting this exact same issue; might be related, but also getting errors while setting up SCIM in Okta too:

Screenshot 2023-04-04 at 14 13 46

MuratDoganer avatar Apr 04 '23 13:04 MuratDoganer

I am having the same issue. Is there any update on this?

aakash13890 avatar Nov 21 '23 04:11 aakash13890

We have tons of users and customers using SAML with Okta and it (generally) works just fine.

The single BIGGEST problem we typically run into is if you try to log into a non-existent user. The user needs to already exist in Snipe-IT. We do not do just-in-time provisioning (because it doesn't make sense; only a small fraction of users typically log in to Snipe-IT - and those ones who don't would never get provisioned - which means you can't check things out to them). Second biggest is if your usernames don't line up to NameId's - that's how we determine who to log you in as.

Your best bet is to set LOG_LEVEL=debug in your .env, and look for errors in storage/logs/laravel.log. They might give you a clue as to what's going wrong.

uberbrady avatar Nov 21 '23 10:11 uberbrady

I was able to sort it out. I had to set up the Okta app again with the 'Okta username prefix' username format because that's the username format we have in Snipe-IT.

aakash13890 avatar Nov 21 '23 23:11 aakash13890
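An offline check for the two failure modes discussed in this thread (the user does not exist yet, or the NameID does not line up with the username), added here as an example; it is not Snipe-IT code and not from any commenter. It assumes an unencrypted assertion copied from a SAML tracer and an exact string comparison; the function names and sample usernames are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def extract_name_id(saml_response_b64):
    """Return the NameID from a base64 SAMLResponse (HTTP-POST binding)."""
    # Diagnostic only: no signature, audience or expiry checks happen here,
    # so never use this to make an authentication decision.
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Assertion/saml:Subject/saml:NameID", SAML_NS)
    if node is None or not (node.text or "").strip():
        return None
    return node.text.strip()

def diagnose(name_id, usernames):
    """Explain whether a NameID lines up with an existing username."""
    # Assumption: exact string equality stands in for the real lookup.
    if name_id is None:
        return "no-nameid: no readable NameID (assertion may be encrypted)"
    if name_id in usernames:
        return "match: a user with this exact username exists"
    prefix = name_id.split("@", 1)[0]
    if "@" in name_id and prefix in usernames:
        return (f"format-mismatch: IdP sends {name_id!r}, username is "
                f"{prefix!r}; have the IdP send the username prefix")
    emails = [u for u in usernames if u.split("@", 1)[0] == name_id and "@" in u]
    if emails:
        return (f"format-mismatch: IdP sends {name_id!r}, username is "
                f"{emails[0]!r}; have the IdP send the full address")
    return "no-user: create the user first (no just-in-time provisioning)"

def build_sample(name_id):
    """Build a constructed, unsigned SAMLResponse for offline testing."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f'<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    users = {"jdoe", "asmith"}  # constructed; use your real username export
    for nid in ("jdoe", "jdoe@example.com", "nobody@example.com"):
        print(nid, "->", diagnose(extract_name_id(build_sample(nid)), users))
```

Paste the `SAMLResponse` form value from the tracer in place of `build_sample(...)` and pass the usernames exported from your own instance.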

Glad to hear you're all sorted! In the future, if you've resolved your issue, please try to remember to close your ticket - it helps us out a lot. (We have to manage a lot of tickets.)

tenant-tyvm

snipe avatar Jun 15 '25 00:06 snipe