cBioPortal Login error

已查看 125 次
跳至第一个未读帖子

Thomas Pauli

未读,
2021年7月8日 04:31:002021/7/8
收件人 cBioPortal for Cancer Genomics Discussion Group
Hi everyone,

I set up an instance of cBioPortal and Keycloak with docker and placed them behind an nginx reverse proxy and I was able to configure Keycloak and my cBioPortal settings according to these instructions: https://docs.cbioportal.org/2.2-authorization-and-authentication/authenticating-and-authorizing-users-via-keycloak

Before connecting cBioPortal to our AD via LDAP, I wanted to test whether I set everything up correctly. I created a test user in Keycloak (under Users -> Add User), gave the user a password, made sure that they are enabled and that their email was verified.

When I access my cBioPortal instance, I get a Keycloak login screen, when I enter the user's login data I am redirected to an error page under this link: https://cbioportal.custom-domain.de/login.jsp?login_error=true. (https://cbioportal.custom-domain.de is just a stand-in for the actual domain name). A  screenshot of the error message is attached to my message.

When I disable authorization, I can access my study view just fine. When I enable authorization I am only forwarded to the error site when I give the correct credentials and I can access the account manager for this user via the default URL (https://cbioportal.custom-domain.de/auth/realms/cbioportal/account/), both of which means that the authentication within Keycloak seems to work. 

Do I need to perform additional steps to grant access to a user, or is there a problem with my setup resulting into a false redirect? I couldn't find any info on this in the cBioPortal documentation.

Best wishes,
Thomas Pauli

error_message.png

Pim van Nierop

未读,
2021年7月8日 06:03:282021/7/8
收件人 Thomas Pauli、cBioPortal for Cancer Genomics Discussion Group
Hi Thomas,

In cases like this it is prime to verify that the user's email address is correctly added to the SAML assertion. Can you verify whether the email address mapper has been created as described here? Also, it would be informative to see the SAML assertion received by cBioPortal. You can do this by installing the SAML chrome extension and inspecting the SAML response to the https://<domain>/saml/SSO endpoint. Can you paste this assertion here?

Bye, Pim

--
You received this message because you are subscribed to the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbioportal+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cbioportal/36290e81-4de2-424d-a4c7-f574fad6229an%40googlegroups.com.


--

Pim van Nierop

Software Engineer / cBioPortal specialist


E p...@thehyve.nl

T +31(0)30 700 9713

M +31(0)6 29464525

W thehyve.nl



    
已删除帖子

Thomas Pauli

未读,
2021年7月9日 14:46:382021/7/9
收件人 cBioPortal for Cancer Genomics Discussion Group
Hi Pim,

thank you very much for your response. I think I have correctly configured the email address mapper (mappers.png and x500 Email.png). Let me know if you spot anything odd.

I used the SAML Chrome extension and attached it's outputs (SAML.txt and SAML Response.png).

Best wishes,
Thomas
mappers.png
SAML.txt
SAML Response.png
x500 Email.png
回复全部
回复作者
转发
0 个新帖子