Hello!
I was wondering if anyone had more precise instructions on configuring Sign-on with SAML for a web application with Azure AD (now Entra ID).
I have created an enterprise application and enabled SAML. However, when I try to use "Log in with SAML" on the application, I receive a 502 Bad Gateway error code.
In the Docker-compose logs, I can find the following error:
- nginx_1 | 172.23.0.6 - - [26/Feb/2024:05:08:57 +0000] "GET /jsi18n/ HTTP/1.1" 304 0 "https://example.com/account/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
- reviewboard_1 | [2024-02-26 05:08:57 +0000] [2421] [DEBUG] GET /account/sso/saml/login/
- nginx_1 | 172.23.0.6 - - [26/Feb/2024:05:08:57 +0000] "GET /account/sso/saml/login/?next=/ HTTP/1.1" 302 0 "https://example.com/account/login/?next=/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
- reviewboard_1 | [2024-02-26 05:08:57 +0000] [2421] [DEBUG] Closing connection.
- reviewboard_1 | [2024-02-26 05:08:57 +0000] [2421] [DEBUG] GET /health/
- reviewboard_1 | [2024-02-26 05:08:57 +0000] [2421] [DEBUG] Closing connection.
- reviewboard_1 | [2024-02-26 05:08:59 +0000] [2309] [DEBUG] POST /account/sso/saml/acs/
- reviewboard_1 | [2024-02-26 05:08:59 +0000] [20] [ERROR] Worker (pid:2309) was sent code 139!
- nginx_1 | 2024/02/26 05:08:59 [error] 35#35: *136 upstream prematurely closed connection while reading response header from upstream, client: 172.23.0.6, server: example.com, request: "POST /account/sso/saml/acs/ HTTP/1.1", upstream: "http://172.23.0.5:8080/account/sso/saml/acs/", host: "example.com", referrer: "https://login.microsoftonline.com/"
- nginx_1 | 172.23.0.6 - - [26/Feb/2024:05:08:59 +0000] "POST /account/sso/saml/acs/ HTTP/1.1" 502 559 "https://login.microsoftonline.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Edg/121.0.0.0" "125.102.190.34"
- reviewboard_1 | [2024-02-26 05:08:59 +0000] [2437] [INFO] Booting worker with pid: 2437
- reviewboard_1 | [2024-02-26 05:09:28 +0000] [2421] [DEBUG] GET /health/
- reviewboard_1 | [2024-02-26 05:09:28 +0000] [2421] [DEBUG] Closing connection.
Regarding authentication settings, I picked these options:
- Signature algorithm: DSA-SHA1
- Digest algorithm: SHA1
- NameID format: Email address
- Custom email attribute: user.mail
- Custom first name attribute: user.firstname
- Custom last name attribute: user.lastname
- Custom full name attribute: user.fullname
Additionally, I'm using Caddy as a reverse proxy within the same Docker-compose file, which handles HTTPS.
Thanks in advance!
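As an added diagnostic (not from the original post, and not Review Board's own code), the following Python decodes the base64 SAMLResponse that Entra ID POSTs to the ACS endpoint and reports the fields worth checking when that request fails: the Destination against the ACS URL seen in the nginx log, the issuer, the NameID format, and the signature and digest algorithms actually used, flagging the SHA1-based ones the settings above select. The sample response and its tenant id are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# XML-DSig algorithm URIs that a new SAML integration should not select.
WEAK_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1": "DSA-SHA1 signature",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "RSA-SHA1 signature",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA1 digest",
}
SIG_TAGS = {f"{{{NS['ds']}}}SignatureMethod", f"{{{NS['ds']}}}DigestMethod"}

def inspect_saml_response(saml_response_b64: str, expected_acs: str) -> dict:
    """Decode the SAMLResponse form field and summarise what the IdP actually sent."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    issuer = root.find("saml:Issuer", NS)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    algorithms = [el.get("Algorithm") for el in root.iter() if el.tag in SIG_TAGS]
    return {
        "destination": root.get("Destination"),
        # A Destination that differs from the SP's ACS URL is rejected by compliant SPs.
        "destination_matches_acs": root.get("Destination") == expected_acs,
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "algorithms": algorithms,
        "weak_algorithms": sorted({WEAK_ALGORITHMS[a] for a in algorithms if a in WEAK_ALGORITHMS}),
    }

# Constructed sample; a real Entra ID response is fully signed and carries a tenant-specific issuer.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_r1" Version="2.0" Destination="https://example.com/account/sso/saml/acs/">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
    <ds:Reference URI="#_r1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1" Version="2.0"><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
  </saml:Subject></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()

if __name__ == "__main__":
    for key, value in inspect_saml_response(SAMPLE_B64, "https://example.com/account/sso/saml/acs/").items():
        print(f"{key}: {value}")
```

To use it on a real login, capture the SAMLResponse form field from the browser's network tab for the POST to /account/sso/saml/acs/ and pass it in place of SAMPLE_B64.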