Re: ReviewBoard SSO with Azure AD

2024-02-26 Thread David Trowbridge 
Hi,

It looks like your server name is set to "https://example.com; in the
Review Board General Settings page. SAML requires the server name to be set
correctly to whatever domain your IdP is expecting.

David

On Mon, Feb 26, 2024 at 9:23 AM Enzo  wrote:

> Hello!
>
> I was wondering if anyone had more precise instructions on configuring
> Sign-on with SAML for a web application with Azure AD (Now Entra ID).
>
> I have created an enterprise application and enabled SAML. However, when I
> try to use "Log in with SAML" on the application, I receive a 502 Bad
> Gateway error code.
>
> In the Docker-compose logs, I can find the following error:
>
>
>- nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:57 +] "GET
>/jsi18n/ HTTP/1.1" 304 0 "https://example.com/account/login/?next=/;
>"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
>Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
>- reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] GET
>/account/sso/saml/login/
>- nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:57 +] "GET
>/account/sso/saml/login/?next=/ HTTP/1.1" 302 0 "
>https://example.com/account/login/?next=/; "Mozilla/5.0 (Windows NT
>10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/
>121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
>- reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] Closing
>connection.
>- reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] GET
>/health/
>- reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] Closing
>connection.
>- reviewboard_1  | [2024-02-26 05:08:59 +] [2309] [DEBUG] POST
>/account/sso/saml/acs/
>- reviewboard_1  | [2024-02-26 05:08:59 +] [20] [ERROR] Worker
>(pid:2309) was sent code 139!
>- nginx_1| 2024/02/26 05:08:59 [error] 35#35: *136 upstream
>prematurely closed connection while reading response header from upstream,
>client: 172.23.0.6, server: example.com, request: "POST
>/account/sso/saml/acs/ HTTP/1.1", upstream: "
>http://172.23.0.5:8080/account/sso/saml/acs/;, host: "example.com",
>referrer: "https://login.microsoftonline.com/;
>- nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:59 +] "POST
>/account/sso/saml/acs/ HTTP/1.1" 502 559 "
>https://login.microsoftonline.com/; "Mozilla/5.0 (Windows NT 10.0;
>Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0
>Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
>- reviewboard_1  | [2024-02-26 05:08:59 +] [2437] [INFO] Booting
>worker with pid: 2437
>- reviewboard_1  | [2024-02-26 05:09:28 +] [2421] [DEBUG] GET
>/health/
>- reviewboard_1  | [2024-02-26 05:09:28 +] [2421] [DEBUG] Closing
>connection.
>
>
> Regarding authentication settings, I picked these options:
>
>
>- Signature algorithm: DSA-SHA1
>- Digest algorithm: SHA1
>- NameID format: Email address
>- Custom email attribute: user.mail
>- Custom first name attribute: user.firstname
>- Custom last name attribute: user.lastname
>- Custom full name attribute: user.fullname
>
>
> Additionally, I'm using Caddy as a reverse proxy within the same
> Docker-compose file, which handles HTTPS.
>
> Thanks in advance!
>
> --
> Supercharge your Review Board with Power Pack:
> https://www.reviewboard.org/powerpack/
> Want us to host Review Board for you? Check out RBCommons:
> https://rbcommons.com/
> Happy user? Let us know! https://www.reviewboard.org/users/
> ---
> You received this message because you are subscribed to the Google Groups
> "Review Board Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to reviewboard+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/reviewboard/864c8860-5174-47b8-86b7-269d2cb7093en%40googlegroups.com
> 
> .
>

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/CAFS3VNXJpQCGfbp%3D9KL2ESfpjptH%3DvKmz7%2BZC__VbhvY0vCvBw%40mail.gmail.com.

ReviewBoard SSO with Azure AD

2024-02-26 Thread Enzo 
Hello!

I was wondering if anyone had more precise instructions on configuring 
Sign-on with SAML for a web application with Azure AD (Now Entra ID).

I have created an enterprise application and enabled SAML. However, when I 
try to use "Log in with SAML" on the application, I receive a 502 Bad 
Gateway error code.

In the Docker-compose logs, I can find the following error:


   - nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:57 +] "GET 
   /jsi18n/ HTTP/1.1" 304 0 "https://example.com/account/login/?next=/; 
   "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like 
   Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
   - reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] GET 
   /account/sso/saml/login/
   - nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:57 +] "GET 
   /account/sso/saml/login/?next=/ HTTP/1.1" 302 0 
   "https://example.com/account/login/?next=/; "Mozilla/5.0 (Windows NT 10.0; 
   Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 
   Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
   - reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] Closing 
   connection.
   - reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] GET 
   /health/
   - reviewboard_1  | [2024-02-26 05:08:57 +] [2421] [DEBUG] Closing 
   connection.
   - reviewboard_1  | [2024-02-26 05:08:59 +] [2309] [DEBUG] POST 
   /account/sso/saml/acs/
   - reviewboard_1  | [2024-02-26 05:08:59 +] [20] [ERROR] Worker 
   (pid:2309) was sent code 139!
   - nginx_1| 2024/02/26 05:08:59 [error] 35#35: *136 upstream 
   prematurely closed connection while reading response header from upstream, 
   client: 172.23.0.6, server: example.com, request: "POST 
   /account/sso/saml/acs/ HTTP/1.1", upstream: 
   "http://172.23.0.5:8080/account/sso/saml/acs/;, host: "example.com", 
   referrer: "https://login.microsoftonline.com/;
   - nginx_1| 172.23.0.6 - - [26/Feb/2024:05:08:59 +] "POST 
   /account/sso/saml/acs/ HTTP/1.1" 502 559 
   "https://login.microsoftonline.com/; "Mozilla/5.0 (Windows NT 10.0; Win64; 
   x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 
   Edg/121.0.0.0" "125.102.190.34"
   - reviewboard_1  | [2024-02-26 05:08:59 +] [2437] [INFO] Booting 
   worker with pid: 2437
   - reviewboard_1  | [2024-02-26 05:09:28 +] [2421] [DEBUG] GET 
   /health/
   - reviewboard_1  | [2024-02-26 05:09:28 +] [2421] [DEBUG] Closing 
   connection.


Regarding authentication settings, I picked these options:


   - Signature algorithm: DSA-SHA1
   - Digest algorithm: SHA1
   - NameID format: Email address
   - Custom email attribute: user.mail
   - Custom first name attribute: user.firstname
   - Custom last name attribute: user.lastname
   - Custom full name attribute: user.fullname


Additionally, I'm using Caddy as a reverse proxy within the same 
Docker-compose file, which handles HTTPS.

Thanks in advance!

-- 
Supercharge your Review Board with Power Pack: 
https://www.reviewboard.org/powerpack/
Want us to host Review Board for you? Check out RBCommons: 
https://rbcommons.com/
Happy user? Let us know! https://www.reviewboard.org/users/
--- 
You received this message because you are subscribed to the Google Groups 
"Review Board Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to reviewboard+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/reviewboard/864c8860-5174-47b8-86b7-269d2cb7093en%40googlegroups.com.