Here are the steps I've followed:
Despite these steps, the error persists. I suspect it might be related to missing configurations or dependencies in the Dockerized environment of cBioPortal.
The error message which I see in the container logs is as follows:
cbioportal-container | Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
cbioportal-container | 2024-07-19T13:08:22.058Z ERROR 131 --- [ main] o.s.b.d.LoggingFailureAnalysisReporter :
cbioportal-container |
cbioportal-container | ***************************
cbioportal-container | APPLICATION FAILED TO START
cbioportal-container | ***************************
cbioportal-container |
cbioportal-container | Description:
cbioportal-container |
cbioportal-container | Parameter 1 of method samlFilterChain in org.cbioportal.security.config.Saml2SecurityConfig required a bean of type 'org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository' that could not be found.
cbioportal-container |
cbioportal-container |
cbioportal-container | Action:
cbioportal-container |
cbioportal-container | Consider defining a bean of type 'org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository' in your configuration.
Screenshot attached for more reference.
My application properties for SAML authentication are as follows:
# authentication
filter_groups_by_appname=false
saml.sp.metadata.entityid=cbioportal
saml.sp.metadata.wantassertionsigned=true
saml.idp.metadata.location=classpath:/client-tailored-saml-idp-metadata.xml
saml.idp.metadata.entityid=http://localhost:9080/realms/cbioportal
saml.keystore.location=classpath:/samlKeystore.jks
saml.keystore.password=*****
saml.keystore.private-key.key=secure-key
saml.keystore.private-key.password=****
saml.keystore.default-key=secure-key
saml.idp.comm.binding.settings=defaultBinding
saml.idp.comm.binding.type=
saml.idp.metadata.attribute.email=email
saml.idp.metadata.attribute.userName=username
saml.idp.metadata.attribute.role=Role
saml.custom.userservice.class=org.cbioportal.security.spring.authentication.keycloak.SAMLUserDetailsServiceImpl
# global logout (as opposed to local logout):
saml.logout.local=false
saml.logout.url=/
Docker compose.yml
version: '3'
services:
  cbioportal:
    restart: unless-stopped
    image: ${DOCKER_IMAGE_CBIOPORTAL}
    container_name: cbioportal-container
    environment:
      SHOW_DEBUG_INFO: "true"
      PORTAL_HOME: "/cbioportal-webapp"
    ports:
      - "8080:8080"
    volumes:
      - ./study:/study/
      - ./config/application.properties:/cbioportal-webapp/application.properties:ro
      - ./config/logo/unilogo1.png:/cbioportal-webapp/webapp/images/unilogo1.png:ro
      - ./kcdb-files/client-tailored-saml-idp-metadata.xml:/cbioportal-webapp/WEB-INF/classes/client-tailored-saml-idp-metadata.xml:ro
      - ./kcdb-files/samlKeystore.jks:/cbioportal-webapp/WEB-INF/classes/samlKeystore.jks:ro
    depends_on:
      - cbioportal-database
      - cbioportal-session
    networks:
      - cbio-net
    # TODO: servlet-api should be excluded from deps in mvn, the removal below is just a quick fix
    # This might be helpful: https://stackoverflow.com/questions/36233626
    command: /bin/sh -c "rm -rf /cbioportal-webapp/lib/servlet-api-2.5.jar && java -Xms2g -Xmx4g -cp '/cbioportal-webapp:/cbioportal-webapp/lib/*' org.cbioportal.PortalApplication --spring.config.location=cbioportal-webapp/application.properties --authenticate=saml --session.service.url=http://cbioportal-session:5000/api/sessions/my_portal/"
Please let me know if you have any solutions for it. Thank you, I appreciate your help.
Best regards,
Mohammed Asif Raza
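Spring Boot's auto-configuration supplies a `RelyingPartyRegistrationRepository` bean only when at least one registration is configured under `spring.security.saml2.relyingparty.registration.<id>`, and the `saml.*` keys in the post above are outside that namespace. The following check is an added example, not part of the original post or of cBioPortal; the registration id `example-idp`, the `.key` path and the list of expected keys are assumptions of the example.

```python
# Constructed sample: legacy-style keys as used in the post.
LEGACY_PROPS = """\
# authentication
saml.sp.metadata.entityid=cbioportal
saml.idp.metadata.location=classpath:/client-tailored-saml-idp-metadata.xml
saml.keystore.location=classpath:/samlKeystore.jks
"""

# Constructed sample: "example-idp" and classpath:/sp.key are placeholders.
BOOT_PROPS = """\
spring.security.saml2.relyingparty.registration.example-idp.entity-id=cbioportal
spring.security.saml2.relyingparty.registration.example-idp.assertingparty.metadata-uri=classpath:/client-tailored-saml-idp-metadata.xml
spring.security.saml2.relyingparty.registration.example-idp.signing.credentials[0].private-key-location=classpath:/sp.key
"""

PREFIX = "spring.security.saml2.relyingparty.registration."
# Assumption: a metadata-driven registration that signs its AuthnRequests.
REQUIRED = ("assertingparty.metadata-uri",
            "signing.credentials[0].private-key-location",
            "signing.credentials[0].certificate-location")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit_saml_properties(text):
    """Report legacy saml.* keys and gaps in each relying-party registration."""
    props = parse_properties(text)
    legacy = sorted(k for k in props if k.startswith("saml."))
    registrations = {}
    for key in props:
        if key.startswith(PREFIX):
            reg_id, _, rest = key[len(PREFIX):].partition(".")
            registrations.setdefault(reg_id, set()).add(rest)
    missing = {rid: [r for r in REQUIRED if r not in keys]
               for rid, keys in registrations.items()}
    return {"legacy_keys": legacy, "registrations": sorted(registrations),
            "missing": missing, "has_registration": bool(registrations)}
```

A result with `has_registration` set to `False` means no registration exists for the auto-configuration to build the bean from, which matches the startup failure in the log.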
Thank you for the previous guidance. I’ve made some progress but am still encountering issues with the SAML configuration between cBioPortal and Keycloak.
Current Status:
From the error I see, the link being redirected to is invalid:
http://localhost:9080/realms/cbioportal/protocol/saml
However, the metadata file also has the same link for SSO:
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:KeyName>QcdonjKsg6pZv7lliORMz4BELPVM4E0Rw0jY8Q6FHME</ds:KeyName>
        <ds:X509Data>
          <ds:X509Certificate>
            certificate removed here for privacy==
          </ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:9080/realms/cbioportal/protocol/saml/resolve" index="0"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
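A way to review IdP metadata like the fragment above before wiring it into a service provider: list the SSO endpoint per binding and flag settings that affect the deployment. This is an added example, not part of the original post; the sample XML is constructed from the posted fragment (certificate omitted, `EntityDescriptor` opening tag supplied), and the finding names are this example's own.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample modelled on the metadata in the post.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="http://localhost:9080/realms/cbioportal">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://localhost:9080/realms/cbioportal/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def review_idp_metadata(xml_text):
    """Return SSO endpoints per binding plus findings worth checking."""
    # Intended for a local metadata file you control; for XML from an
    # untrusted source use a hardened parser such as defusedxml.
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    endpoints, findings = {}, set()
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]
        url = urlparse(svc.get("Location", ""))
        endpoints[binding] = url.geturl()
        if url.scheme != "https":
            # SAML messages would cross the network without TLS.
            findings.add("sso-endpoint-not-https")
        if url.hostname in LOOPBACK:
            # Resolves to the browser's host, or to the container itself.
            findings.add("sso-endpoint-on-loopback")
    if idp.get("WantAuthnRequestsSigned", "false").lower() == "true":
        # The service provider needs signing credentials configured.
        findings.add("idp-requires-signed-authnrequests")
    return {"entity_id": root.get("entityID"),
            "endpoints": endpoints,
            "findings": sorted(findings)}
```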