The Assertion of the Response is not signed and the SP requires it


Problem

When logging in with SAML for Data Center, authentication fails and the following error appears in atlassian-bitbucket.log:

2017-09-21 12:26:11,880 ERROR [http-nio-7990-exec-2] @1MAHJEQx746x27x0 16nwgem 172.18.0.1,172.18.0.3 "POST /plugins/servlet/samlconsumer HTTP/1.1" c.a.p.a.i.w.f.ErrorHandlingFilter Received invalid SAML response: The Assertion of the Response is not signed and the SP requires it
com.atlassian.plugins.authentication.impl.web.saml.provider.InvalidSamlResponse: Received invalid SAML response: The Assertion of the Response is not signed and the SP requires it
	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.lambda$extractSamlResponse$1(OneloginJavaSamlProvider.java:89)
	at com.atlassian.plugin.util.ContextClassLoaderSwitchingUtil.runInContext(ContextClassLoaderSwitchingUtil.java:48)
	at com.atlassian.plugins.authentication.impl.web.saml.provider.impl.OneloginJavaSamlProvider.extractSamlResponse(OneloginJavaSamlProvider.java:80)
	at com.atlassian.plugins.authentication.impl.web.saml.SamlConsumerServlet.doPost(SamlConsumerServlet.java:87)
	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
	at com.atlassian.applinks.core.rest.context.ContextFilter.doFilter(ContextFilter.java:24)
	at com.atlassian.analytics.client.filter.UniversalAnalyticsFilter.doFilter(UniversalAnalyticsFilter.java:92)
	at com.atlassian.analytics.client.filter.AbstractHttpFilter.doFilter(AbstractHttpFilter.java:39)
	at com.atlassian.plugins.authentication.impl.web.filter.ErrorHandlingFilter.doFilter(ErrorHandlingFilter.java:8
(truncated)


Cause

  1. The IdP signs only the Response, not the Assertion. Bitbucket currently requires the Assertion to be signed, so once the issuer check passes, authentication fails with the error: "The Assertion of the Response is not signed and the SP requires it".
  2. The values of com.atlassian.plugins.authentication.samlconfig.sso-issuer and com.atlassian.plugins.authentication.samlconfig.sso-url contain trailing whitespace characters.

Solution

  1. Configure the SAML identity provider to provide a signed Assertion. There should be a drop-down option for this.
  2. Remove any whitespace in Bitbucket's SAML configuration.

 

Last updated: November 10, 2017
