Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-23074

AuthnContextClassRef/PasswordProtectedTransport is not changed if SSO requires urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos

XMLWordPrintable

    • Icon: Problem report Problem report
    • Resolution: Unresolved
    • Icon: Blocker Blocker
    • None
    • 6.0.19, 6.4.4, 7.0.0alpha2
    • Documentation (D), Frontend (F)
    • None
    • LTS 6.0
    • S24-W22/23, S24-W26/27, DOC S25-W2/3
    • 2

      Steps to reproduce:

      1. try to configure SSO with ADFS
      2. configure SP name ID format to urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos (https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/authentication/saml)
      3. get error

      Result:
      SSO doesn't work

      Expected:
      Working SSO.

      Workaround - modify manually:

      grep -P "AuthnContextClassRef.*SAML" /usr/share/zabbix/vendor/onelogin/php-saml/src/Saml2/AuthnRequest.php
        <!-- <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef> -->
        <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos</saml:AuthnContextClassRef>

        1. image.png
          image.png
          45 kB
        2. Screenshot 2024-05-17 at 10.29.32.png
          Screenshot 2024-05-17 at 10.29.32.png
          79 kB

            martins-v Martins Valkovskis
            edgar.akhmetshin Edgar Akhmetshin
            Team Doc
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated: