Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23074

AuthnContextClassRef/PasswordProtectedTransport is not changed if SSO requires urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

XMLWordPrintable

    • Icon: Documentation task Documentation task
    • Resolution: Fixed
    • Icon: Blocker Blocker
    • None
    • 6.0.19, 6.4.4, 7.0.0alpha2
    • Documentation (D)
    • None
    • LTS 6.0
    • S24-W22/23, S24-W26/27, DOC S25-W2/3
    • 2

      Steps to reproduce:

      1. try to configure SSO with ADFS
      2. configure SP name ID format to urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos (https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/authentication/saml)
      3. get error

      Result:
      SSO doesn't work

      Expected:
      Working SSO.

      Workaround - modify manually:

      grep -P "AuthnContextClassRef.*SAML" /usr/share/zabbix/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php
        <!-- <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> -->
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>

        1. image.png
          image.png
          45 kB
        2. Screenshot 2024-05-17 at 10.29.32.png
          Screenshot 2024-05-17 at 10.29.32.png
          79 kB

            martins-v Martins Valkovskis
            edgar.akhmetshin Edgar Akhmetshin
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 0.5h
                0.5h