Hi, I'm trying to log into codimd with a private idp, but when I access
This is my config.json section under "product", I'm using docker-compose up to launch the server.
"saml": {
"attribute": {
"id": "hackmd_id",
"username": "hackmd_name",
"email": "[email protected]"
}
"issuer": "hackmd.pdis.rock",
"identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
"idpSsoUrl": "https://saml.legacy.nat.gov.tw/saml/sso",
"idpCert": "/opt/docker-hackmd/pem"
}
Does SAML login need some steps outside the documents to turn on? Thank you.
Do you do a get or a post request? Should be a POST, a GET will of course end up in a 404.
Can you provide error logs?
Oops, I did a GET.
This is what I see when doing a POST from saml-idp. It's an IdP-initiated login session.
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot POST /auth/saml</pre>
</body>
</html>
@urakagi
The SAML procedure runs as below, in order:
GET server /auth/saml
POST to server /auth/saml/callback
@jackycute Okay, when I GET https://hackmd.pdis.rocks/auth/saml in a browser, I get a "404 Not Found oops." response.
I read the one-login docs (the link is broken though), but it does not mention anything other than modifying config.json or env variables.
Please read this: https://github.com/hackmdio/codimd/blob/master/docs/guides/auth/saml-onelogin.md
Also, please restart your server after any configuration.
You should be able to sign in via the "Sign in via SAML" button in the sign-in modal, which is triggered by the "Sign In" button (on the top right of the index page), after you have done the SAML configs.
@jackycute I don't see the "Sign in via SAML" option. This is our server's screenshot: https://imgur.com/a/SdX9AMm
It's a docker version.
If so, that should work.
How do you give the configs? config.json or env vars?
Could you paste your configs here? (please obfuscate keys)
What version of CodiMD/HackMD are you running?
@jackycute I give the configs by config.json. This is it:
{
  "production": {
    "urladdport": true,
    "email": true,
    "db": {
      "username": "***",
      "password": "***",
      "database": "hackmd",
      "host": "hackmdPostgres",
      "port": "5432",
      "dialect": "postgres"
    },
    "saml": {
      "attribute": {
        "id": "hackmd_id",
        "username": "hackmd_name",
        "email": "[email protected]"
      },
      "issuer": "hackmd.pdis.rock",
      "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
      "idpSsoUrl": "https://saml.legacy.nat.gov.tw/saml/sso",
      "idpCert": "/opt/docker-hackmd/saml_idp_cert.pem"
    }
  }
}
@SISheogorath It's hackmdio/hackmd:1.0.1-ce in docker-compose.yml.
Are you running in production? NODE_ENV=production
When you run the docker version you need to rebuild your image when you want to use config.json.
We recommend NOT using config.json for docker-based setups. Instead use the environment variables. The config.json is only for building the docker image.
@SISheogorath That could be the problem. Do I write the environment variables into .env file in the same directory as config.json? Or I need a shell script for it?
Also, the correct variable prefix is CMD_ or HMD_?
I think either .env or declaring them in docker-compose.yml should do the trick.
And yes, for sure you need to docker-compose up again.
@urakagi Add the configs to this section: https://github.com/hackmdio/docker-hackmd/blob/master/docker-compose.yml#L51-L57
And use HMD_ as prefix. As you are not using 1.2.0 right now it's all in HackMD mode ;)
For 1.2.0 probably wait for 1.2.1 before updating, we have some migration issues around. :/
@jackycute @SISheogorath Many thanks! Is this correct? I still don't see SAML login option.
environment:
  - POSTGRES_USER=hackmd
  - POSTGRES_PASSWORD=hackmdpass
  - POSTGRES_DB=hackmd
  - HMD_SAML_IDPSSOURL=https://legacy.pdis.nat.gov.tw/saml/sso
  - HMD_SAML_IDPCERT=/opt/docker-hackmd/idp_cert.pem
  - HMD_SAML_ISSUER=hackmd.pdis.rock
  - HMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
volumes:
@urakagi That's env vars for postgresql, not the app.
You should put under this line: https://github.com/hackmdio/docker-hackmd/blob/master/docker-compose.yml#L57
@jackycute Oops, that's the reason. Thank you very much.
With the line HMD_SAML_IDPCERT=/opt/docker-hackmd/saml_idp_cert.pem I get this error:
uncaughtException: ENOENT: no such file or directory, open '/opt/docker-hackmd/saml_idp_cert.pem
What is the correct path of the pem file, or do I need to rebuild image?
@urakagi if you want to include it into your container, you need to mount it in there.
Please refer to:
https://docs.docker.com/storage/volumes/
https://docs.docker.com/compose/compose-file/compose-file-v2/#volumes
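Putting the two corrections from this thread together (SAML variables belong to the app container, not the postgres one, and the certificate path in HMD_SAML_IDPCERT is a path inside the container, so the file has to be mounted there), here is an added docker-compose example. It is not the docker-hackmd project's own file: the service names `database` and `app`, the postgres image tag, the host-side file name `./saml_idp_cert.pem` and the HMD_DB_URL value are assumptions, and the password is a placeholder.

```yaml
# Added example, not the docker-hackmd compose file. Service names, image tags,
# the host file name and HMD_DB_URL are assumptions; the password is a placeholder.
version: '2'
services:
  database:
    image: postgres:9.6-alpine
    environment:
      # These are the database container's variables; HMD_* vars do not belong here.
      - POSTGRES_USER=hackmd
      - POSTGRES_PASSWORD=CHANGE_ME_PLACEHOLDER
      - POSTGRES_DB=hackmd
    volumes:
      - database:/var/lib/postgresql/data
  app:
    image: hackmdio/hackmd:1.0.1-ce
    depends_on:
      - database
    environment:
      # Assumed app-side DB connection string (same credentials as above).
      - HMD_DB_URL=postgres://hackmd:CHANGE_ME_PLACEHOLDER@database:5432/hackmd
      # SAML settings from the thread, now under the app container.
      - HMD_SAML_IDPSSOURL=https://legacy.pdis.nat.gov.tw/saml/sso
      - HMD_SAML_ISSUER=hackmd.pdis.rock
      - HMD_SAML_IDENTIFIERFORMAT=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
      # Must be the path as seen INSIDE the container, i.e. the right-hand side of the mount below.
      - HMD_SAML_IDPCERT=/opt/docker-hackmd/saml_idp_cert.pem
    volumes:
      # Bind-mount the IdP signing certificate from the host, read-only; the app only
      # needs to read it, and a writable mount would let a compromised app replace
      # the certificate it uses to verify assertions.
      - ./saml_idp_cert.pem:/opt/docker-hackmd/saml_idp_cert.pem:ro
    ports:
      - "3000:3000"
volumes:
  database: {}
```

After editing, run `docker-compose up -d` again so the new environment and mount are applied; if HMD_SAML_IDPCERT still raises ENOENT, check that the host file exists next to docker-compose.yml and that the container-side path in the mount matches the variable exactly.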
@SISheogorath Thank you, I have turned on the SAML login successfully. I'll close this issue/question and advance to next step :)