Similar problem to [SAML] Service Provider meta data file

[Noelia Rodríguez]

Hello everyone,

I have a similar problem to this post "[SAML] Service Provider meta data file" but I can not solve it and maybe you can help me to spot the mistake. I am working inside a Qemu/KVM Virtual Machine from Proxmox were I installed all these docker containers:

This is my docker-compose.yml:
```

version: '3'

services:

cbioportal:

restart: unless-stopped

image: ${DOCKER_IMAGE_CBIOPORTAL}

container_name: cbioportal-container

environment:

SHOW_DEBUG_INFO: "true"

ports:

- "8080:8080"

volumes:

- ./study:/study/

- ./logo.jpg:/cbioportal-webapp/images/logo.jpg

- ./config/portal.properties:/cbioportal/portal.properties:ro

- ./client-tailored-saml-idp-metadata.xml:/cbioportal-webapp/WEB-INF/classes/client-tailored-saml-idp-metadata.xml

- ./samlKeystore.jks:/cbioportal-webapp/WEB-INF/classes/samlKeystore.jks

command: /bin/sh -c "java -Xms4g -Xmx4g -Dauthenticate=saml -Dsession.service.url=http://cbioportal-session:5000/api/sessions/my_portal/ -jar webapp-runner.jar -AmaxHttpHeaderSize=16384 -AconnectionTimeout=20000 --enable-compression --proxy-base-url https://cbioportal.bioinfo.lan:443 /cbioportal-webapp"

depends_on:

- cbioportal-database

- cbioportal-session

networks:

- cbio-net

cbioportal-database:

restart: unless-stopped

image: ${DOCKER_IMAGE_MYSQL}

container_name: cbioportal-database-container

environment:

MYSQL_DATABASE: cbioportal

MYSQL_USER: ${CBIOPORTALDB_MYSQL_USER}

MYSQL_PASSWORD: ${CBIOPORTALDB_MYSQL_PASSWORD}

MYSQL_ROOT_PASSWORD: ${CBIOPORTALDB_MYSQL_ROOT_PASSWORD}

volumes:

- ./data/cgds.sql:/docker-entrypoint-initdb.d/cgds.sql:ro

- ./data/seed.sql.gz:/docker-entrypoint-initdb.d/seed.sql.gz:ro

- cbioportal_mysql_data:/var/lib/mysql

networks:

- cbio-net

cbioportal-session:

restart: unless-stopped

image: ${DOCKER_IMAGE_SESSION_SERVICE}

container_name: cbioportal-session-container

environment:

SERVER_PORT: 5000

JAVA_OPTS: -Dspring.data.mongodb.uri=mongodb://cbioportal-session-database:27017/session-service

depends_on:

- cbioportal-session-database

networks:

- cbio-net

cbioportal-session-database:

restart: unless-stopped

image: mongo:4.2

container_name: cbioportal-session-database-container

environment:

MONGO_INITDB_DATABASE: session_service

volumes:

- cbioportal_mongo_data:/data/db

networks:

- cbio-net

kcdb:

networks:

- cbio-net

image: ${DOCKER_IMAGE_MYSQL}

container_name: kcdb

restart: always

volumes:

- cbioportal_kcdb_data:/var/lib/mysql

environment:

- MYSQL_ROOT_PASSWORD=${KCDB_MYSQL_ROOT_PASSWORD}

- MYSQL_USER=${KCDB_MYSQL_USER}

- MYSQL_PASSWORD=${KCDB_MYSQL_PASSWORD}

- MYSQL_DATABASE=keycloak

keycloak:

networks:

- cbio-net

container_name: cbiokc

image: quay.io/keycloak/keycloak:10.0.0

restart: unless-stopped

depends_on:

- kcdb

ports:

- "8180:8080"

environment:

- PROXY_ADDRESS_FORWARDING=true

- DB_VENDOR=mysql

- DB_ADDR=kcdb

- DB_DATABASE=keycloak

- DB_USER=${MY_DB_USER}

- DB_PASSWORD=${MY_DB_PASSWORD}

- KEYCLOAK_USER=${MY_KEYCLOAK_USER}

- KEYCLOAK_PASSWORD=${MY_KEYCLOAK_PASSWORD}

- KEYCLOAK_PROXY=edge

nginx:

restart: unless-stopped

networks:

- cbio-net

image: nginx:1.25.4

container_name: nginx

volumes:

- ./nginx.conf:/etc/nginx/nginx.conf:ro

- ./cbioportal.bioinfo.lan.crt:/etc/nginx/cbioportal.bioinfo.lan.crt:ro

- ./cbioportal.bioinfo.lan.key:/etc/nginx/cbioportal.bioinfo.lan.key:ro

ports:

- "80:80"

- "443:443"

depends_on:

- keycloak

networks:

cbio-net:

volumes:

cbioportal_mysql_data:

cbioportal_mongo_data:

cbioportal_kcdb_data:

```
This is my config/portal.properties:

This is my client-tailored-saml-idp-metadata.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
  ~ and other contributors as indicated by the @author tags.
  ~
  ~ Licensed under the Apache License, Version 2.0 (the "License");
  ~ you may not use this file except in compliance with the License.
  ~ You may obtain a copy of the License at
  ~
  ~ http://www.apache.org/licenses/LICENSE-2.0
  ~
  ~ Unless required by applicable law or agreed to in writing, software
  ~ distributed under the License is distributed on an "AS IS" BASIS,
  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  ~ See the License for the specific language governing permissions and
  ~ limitations under the License.
  -->
<EntitiesDescriptor Name="urn:keycloak" xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <EntityDescriptor entityID="https://cbioportal.bioinfo.lan/auth/realms/cbioportal">
    <IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                        <KeyDescriptor use="signing">
                          <dsig:KeyInfo>
                            <dsig:KeyName><key></dsig:KeyName>
                            <dsig:X509Data>
                              <dsig:X509Certificate><certificate></dsig:X509Certificate>
                            </dsig:X509Data>
                          </dsig:KeyInfo>
                        </KeyDescriptor>

      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cbioportal.bioinfo.lan/auth/realms/cbioportal/protocol/saml"/>
      <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cbioportal.bioinfo.lan/auth/realms/cbioportal/protocol/saml"/>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
      <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://cbioportal.bioinfo.lan/auth/realms/cbioportal/protocol/saml"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://cbioportal.bioinfo.lan/auth/realms/cbioportal/protocol/saml"/>
      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://cbioportal.bioinfo.lan/auth/realms/cbioportal/protocol/saml"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>

These are my Keycloak settings:

This is my nginx.conf file:

events {}

http {

    upstream keycloakServer {
        server 192.168.80.6:8080;
    }

    server {
        listen 443 ssl default_server;  # Listening on port 443 for HTTPS traffic
        #http2 on;
        server_name cbioportal.bioinfo.lan;

        ssl_certificate /etc/nginx/cbioportal.bioinfo.lan.crt;
        ssl_certificate_key /etc/nginx/cbioportal.bioinfo.lan.key;
        
        location / { 
            proxy_pass         http://cbioportal-container:8080; # Your backend server

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
       
        location /auth { 
            proxy_pass         http://keycloakServer; # Your backend server

            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

        }
    }
}
When I click https://cbioportal.bioinfo.lan/ this appears

But I enter user and pasword and instead of going to my cbioportal instance, this website appears:

Although in keycloak appears that this user is logged in:

Last lines of docker logs cbioportal-container:
----------------------------------------------------------------------------------------------------------------
-- You are connecting to the OncoKB public instance which does not include any therapeutic information.
-- Please consider obtaining a license to support future OncoKB development by following https://docs.cbioportal.org/2.4-integration-with-other-webservices/oncokb-data-access.
-- Thank you.
----------------------------------------------------------------------------------------------------------------

Sep 10, 2024 8:01:58 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring DispatcherServlet 'api'
08:01:58.307 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'api'
08:01:59.201 [localhost-startStop-1] INFO  o.h.validator.internal.util.Version - HV000001: Hibernate Validator 5.3.4.Final
08:01:59.354 [localhost-startStop-1] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.validation.beanvalidation.LocalValidatorFactoryBean#31f4a0ca' of type [org.springframework.validation.beanvalidation.LocalValidatorFactoryBean] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
08:01:59.371 [localhost-startStop-1] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'appConfig' of type [org.cbioportal.service.util.AppConfig$$EnhancerBySpringCGLIB$$f6695f5a] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
08:02:01.160 [localhost-startStop-1] INFO  o.c.persistence.CacheEnabledConfig - Cache is enabled: false
08:02:03.291 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 4984 ms
Sep 10, 2024 8:02:03 AM org.apache.catalina.core.ApplicationContext log
08:02:03.294 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'url_shortener'
INFO: Initializing Spring DispatcherServlet 'url_shortener'
08:02:03.386 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 92 ms
08:02:03.387 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'proxy'
Sep 10, 2024 8:02:03 AM org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring DispatcherServlet 'proxy'
08:02:03.473 [localhost-startStop-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 85 ms
Sep 10, 2024 8:02:03 AM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-nio-8080"]
08:02:03.720 [http-nio-8080-exec-1] INFO  o.s.s.s.m.MetadataGeneratorFilter - No default metadata configured, generating with default values, please pre-configure metadata for production use
08:02:03.857 [http-nio-8080-exec-1] INFO  o.s.s.s.m.MetadataGeneratorFilter - Created default metadata for system with entityID: cbioportal
08:02:03.989 [http-nio-8080-exec-1] WARN  io.sentry.dsn.Dsn - *** Couldn't find a suitable DSN, Sentry operations will do nothing! See documentation: https://docs.sentry.io/clients/java/ ***
08:02:04.023 [http-nio-8080-exec-1] WARN  io.sentry.DefaultSentryClientFactory - No 'stacktrace.app.packages' was configured, this option is highly recommended as it affects stacktrace grouping and display on Sentry. See documentation: https://docs.sentry.io/clients/java/config/#in-application-stack-frames
08:02:04.261 [http-nio-8080-exec-3] INFO  o.s.s.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;192.168.80.8;cbioportal;https://cbioportal.bioinfo.lan/auth/realms/cbioportal;;;
08:02:21.196 [http-nio-8080-exec-4] INFO  o.o.c.b.s.SAMLProtocolMessageXMLSignatureSecurityPolicyRule - Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
08:02:21.197 [http-nio-8080-exec-4] ERROR o.o.c.b.d.BaseSAMLMessageDecoder - SAML message intended destination endpoint 'https://cbioportal.bioinfo.lan:443/saml/SSO' did not match the recipient endpoint 'http://cbioportal.bioinfo.lan/saml/SSO'
08:34:03.973 [http-nio-8080-exec-8] INFO  o.s.s.saml.log.SAMLDefaultLogger - AuthNRequest;SUCCESS;192.168.80.8;cbioportal;https://cbioportal.bioinfo.lan/auth/realms/cbioportal;;;
08:36:46.109 [http-nio-8080-exec-9] INFO  o.o.c.b.s.SAMLProtocolMessageXMLSignatureSecurityPolicyRule - Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
08:36:46.110 [http-nio-8080-exec-9] ERROR o.o.c.b.d.BaseSAMLMessageDecoder - SAML message intended destination endpoint 'https://cbioportal.bioinfo.lan:443/saml/SSO' did not match the recipient endpoint 'http://cbioportal.bioinfo.lan/saml/SSO'

Last lines of docker logs keycloak:
08:33:52,427 WARN  [org.keycloak.protocol.saml.SamlProtocol] (default task-40) failed to send saml logout: java.net.UnknownHostException: cbioportal.bioinfo.lan: Name or service not known
	at java.base/java.net.Inet4AddressImpl.lookupAllHostAddr(Native Method)
	at java.base/java.net.InetAddress$PlatformNameService.lookupAllHostAddr(InetAddress.java:929)
	at java.base/java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1515)
	at java.base/java.net.InetAddress$NameServiceAddresses.get(InetAddress.java:848)
	at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1505)
	at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1364)
	at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1298)
	at org.apache.httpcomponents.core//org.apache.http.impl.conn.SystemDefaultDnsResolver.resolve(SystemDefaultDnsResolver.java:45)
	at org.apache.httpcomponents.core//org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:112)
	at org.apache.httpcomponents.core//org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
	at org.apache.httpcomponents.core//org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.httpcomponents.core//org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.httpcomponents.core//org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.httpcomponents.core//org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.httpcomponents.core//org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.httpcomponents.core//org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at org.apache.httpcomponents.core//org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at org.keycloak.ke...@10.0.0//org.keycloak.protocol.saml.SamlProtocol.backchannelLogout(SamlProtocol.java:705)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.managers.AuthenticationManager.backchannelLogoutClientSession(AuthenticationManager.java:407)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.managers.AuthenticationManager.lambda$backchannelLogoutAll$1(AuthenticationManager.java:314)
	at java.base/java.util.HashMap$Values.forEach(HashMap.java:976)
	at java.base/java.util.Collections$UnmodifiableCollection.forEach(Collections.java:1085)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.managers.AuthenticationManager.backchannelLogoutAll(AuthenticationManager.java:313)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.managers.AuthenticationManager.backchannelLogout(AuthenticationManager.java:247)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.managers.AuthenticationManager.backchannelLogout(AuthenticationManager.java:215)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.resources.admin.UserResource.logout(UserResource.java:543)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:138)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:526)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:415)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:376)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:378)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:347)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:150)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:110)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:141)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:104)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:440)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:356)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
	at org.jboss.restea...@3.11.0.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
	at javax.se...@2.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:590)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at org.keycloak.ke...@10.0.0//org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:91)
	at io.undert...@2.0.30.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at io.under...@2.0.30.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at io.under...@2.0.30.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.under...@2.0.30.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at io.under...@2.0.30.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at io.under...@2.0.30.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at io.under...@2.0.30.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at io.under...@2.0.30.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at io.under...@2.0.30.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at io.under...@2.0.30.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
	at io.undert...@2.0.30.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at io.undert...@2.0.30.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at org.wildfly.ext...@19.0.0.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1541)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
	at io.undert...@2.0.30.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
	at io.under...@2.0.30.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
	at io.under...@2.0.30.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
	at org.jbos...@2.3.3.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
	at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at org.jbos...@2.3.3.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Thread.java:834)

I would appreciate any help, beacause there is incomplete information everywhere. And I'm in an infinite loop trying different things I find in the web without success. 

Kind regards,
Noelia

-- 
Noelia Rodríguez
Unidad de Bioinformática

Este mensaje y sus archivos adjuntos son confidenciales y únicamente podrán ser usados por la persona o entidad a la que van dirigidos. Este mensaje puede contener información confidencial o legalmente protegida. No hay renuncia a la confidencialidad o secreto profesional por cualquier transmisión defectuosa o errónea. Si usted ha recibido este mensaje por error notifíqueselo inmediatamente al remitente.
Le informamos que los datos personales que usted nos ha proporcionado son tratados por FUNDACIÓN PARA LA INVESTIGACIÓN BIOMÉDICA DEL HOSPITAL UNIVERSITARIO GREGORIO MARAÑÓN, domiciliada en la calle Doctor Esquerdo 46, Pabellón de Gobierno, planta baja, 28007 de Madrid, con la finalidad de gestionar y mantener las relaciones profesionales que nos unen con Usted. Sus datos podrán ser comunicados a las entidades y administraciones públicas necesarias para la realización de dicha gestión. Este tratamiento de datos es necesario para mantener dicha relación profesional. Los datos se eliminarán cuando finalicen los plazos de prescripción marcados por la ley, conservándose únicamente para atender posibles reclamaciones.
Ud. puede ejercer sus derechos de acceso, rectificación, supresión, oposición y a no ser objeto de decisiones individuales automatizadas (incluida la elaboración de perfiles), portabilidad y limitación del tratamiento de sus datos dirigiéndose a FUNDACIÓN PARA LA INVESTIGACIÓN BIOMÉDICA DEL HOSPITAL UNIVERSITARIO GREGORIO MARAÑÓN, a la dirección calle Doctor Esquerdo 46, Pabellón de Gobierno, planta baja, 28007 de Madrid, o vía correo electrónico al email gere...@fibhgm.org, acompañando copia de su DNI acreditando debidamente su identidad. En cualquier situación, Ud. tiene derecho a presentar una reclamación ante la Agencia Española de Protección de Datos (AEPD).
Datos Delegado de Protección de Datos (DPO) de FUNDACIÓN PARA LA INVESTIGACIÓN BIOMÉDICA DEL HOSPITAL UNIVERSITARIO GREGORIO MARAÑÓN:
Alaro Avant, S.L.
Avda. de Brasil 17, 7C, 28020, Madrid
dpo.fibgreg...@alaroavant.com

[Gaofei Zhao]

Hi Noelia,

It seems your configuration is not for the latest cbioportal version 6, please let me know which cbioportal version you are using. If you are using cbioportal version 6, you need to modify the saml properties, you can find the related documentation  here.

Best,

Gaofei

--
You received this message because you are subscribed to the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbioportal+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cbioportal/6c9a6f70f1bf1fa6be7a34b484df28e2c4456371.camel%40iisgm.com.

[Noelia Rodríguez]

Hi Gaofei,

Thanks for answering, as you can see in my first picture (that I attached to report all the docker versions I'm working with) I'm using cbioportal:5.4.10. I would appreciate any suggestion for solving my problem. Thank you very much!

Best,

Noelia

Instituto de Investigación Sanitaria Gregorio Marañón (IiSGM)
Doctor Esquerdo 46, 28007 Madrid, España
(+34) 915 290 724

[Noelia Rodríguez]

Sorry for writing again, but  in https://github.com/cBioPortal/icebox/issues/182 I found that besides adding --proxy-base-url, it seems that when running cBioPortal in an old-school Tomcat process behind a reverse proxy  we need to make sure X-Forwarded-Proto HTTP header is set by your reverse proxy and add the RemoveIpValve to your configuration (cbioportal-specific or server.xml). I asked how I could add the RemoveIpValve when we are working with cbioportal docker containers,  because I though maybe it was the reason I have these problems. But I haven't receive any answer yet. Do you think it could be the case?  

Many thanks. 

Best,

Noelia

On Wed, 2024-09-11 at 17:07 -0400, Gaofei Zhao wrote:

-- 

Instituto de Investigación Sanitaria Gregorio Marañón (IiSGM)
Doctor Esquerdo 46, 28007 Madrid, España
(+34) 915 290 724

[Gaofei Zhao]

Hi Noelia,

Sorry for the late reply, I reviewed your settings on your end and I think what you showed to us looks good, I don't see any obvious issues. I also discussed with my colleague and here are two things you might double-check in your keycloak client:

• Could you take a look at the mappers settings to see if you have necessary mappers like we described here
• Could you double-check the roles for your test user, sometimes user get defaulted with unregistered user and even though they get a session they aren't allowed to authenticate
  

Hope this helps,

Best,

Gaofei