cBioPortal Login error

[Thomas Pauli]

Hi everyone,

I set up an instance of cBioPortal and Keycloak with docker and placed them behind an nginx reverse proxy and I was able to configure Keycloak and my cBioPortal settings according to these instructions: https://docs.cbioportal.org/2.2-authorization-and-authentication/authenticating-and-authorizing-users-via-keycloak

Before connecting cBioPortal to our AD via LDAP, I wanted to test whether I set everything up correctly. I created a test user in Keycloak (under Users -> Add User), gave the user a password, made sure that they are enabled and that their email was verified.

When I access my cBioPortal instance, I get a Keycloak login screen, when I enter the user's login data I am redirected to an error page under this link: https://cbioportal.custom-domain.de/login.jsp?login_error=true. (https://cbioportal.custom-domain.de is just a stand-in for the actual domain name). A  screenshot of the error message is attached to my message.

When I disable authorization, I can access my study view just fine. When I enable authorization I am only forwarded to the error site when I give the correct credentials and I can access the account manager for this user via the default URL (https://cbioportal.custom-domain.de/auth/realms/cbioportal/account/), both of which means that the authentication within Keycloak seems to work. 

Do I need to perform additional steps to grant access to a user, or is there a problem with my setup resulting into a false redirect? I couldn't find any info on this in the cBioPortal documentation.

Best wishes,

Thomas Pauli

[Pim van Nierop]

Hi Thomas,

In cases like this it is prime to verify that the user's email address is correctly added to the SAML assertion. Can you verify whether the email address mapper has been created as described here? Also, it would be informative to see the SAML assertion received by cBioPortal. You can do this by installing the SAML chrome extension and inspecting the SAML response to the https://<domain>/saml/SSO endpoint. Can you paste this assertion here?

Bye, Pim

--
You received this message because you are subscribed to the Google Groups "cBioPortal for Cancer Genomics Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cbioportal+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cbioportal/36290e81-4de2-424d-a4c7-f574fad6229an%40googlegroups.com.

--

Pim van Nierop

Software Engineer / cBioPortal specialist

E p...@thehyve.nl

T +31(0)30 700 9713

M +31(0)6 29464525

W thehyve.nl

    

[Thomas Pauli]

Hi Pim,

thank you very much for your response. I think I have correctly configured the email address mapper (mappers.png and x500 Email.png). Let me know if you spot anything odd.

I used the SAML Chrome extension and attached it's outputs (SAML.txt and SAML Response.png).

Best wishes,

Thomas