derricksmith/phpsaml

Error using Azure AD authentication even with compression off

Opened this issue · 9 comments

Hi,
Previously we were getting errors because Azure AD does not support compressed SAML authentication requests. You added a way to disable compression in the config file, but now Microsoft is giving a different error when we try to authenticate:
AADSTS750055: SAML message was not properly DEFLATE-encoded.

Perhaps this may be useful:
From the reference online encoding linked in the question, Azure AD is expecting raw deflate data. To get that, replace the deflateInit() call with:

deflateInit2(&zs, compressionlevel, 8, -15, 8, 0)

The web page is here:
https://stackoverflow.com/questions/73938815/zlib-deflated-samlrequest-returns-a-not-deflated-propper-by-azure-ad
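The difference between the two encodings discussed above can be checked on a captured SAMLRequest value. This is an added Python example, not code from phpsaml or from anyone in this thread; the sample AuthnRequest, its ID and issuer, and the function names are constructed for illustration. The `compressobj` arguments mirror the `deflateInit2()` call quoted above.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Constructed sample AuthnRequest; ID, issuer and timestamp are placeholders.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.test</saml:Issuer></samlp:AuthnRequest>'
)


def encode_redirect(xml: str, mode: str = "raw") -> str:
    """Return the URL-encoded SAMLRequest value for one compression mode."""
    data = xml.encode("utf-8")
    if mode == "raw":
        # Same arguments as deflateInit2(&zs, level, 8, -15, 8, 0): negative
        # windowBits means no zlib header and no Adler-32 trailer.
        c = zlib.compressobj(9, zlib.DEFLATED, -15, 8, zlib.Z_DEFAULT_STRATEGY)
        data = c.compress(data) + c.flush()
    elif mode == "zlib":
        data = zlib.compress(data, 9)  # zlib-wrapped, as plain deflateInit() emits
    elif mode != "none":
        raise ValueError(f"unknown mode: {mode}")
    return quote(base64.b64encode(data).decode("ascii"), safe="")


def classify(saml_request: str) -> str:
    """Classify a SAMLRequest value: raw-deflate, zlib-wrapped, uncompressed or invalid."""
    try:
        blob = base64.b64decode(unquote(saml_request), validate=True)
    except ValueError:
        return "invalid"
    try:
        zlib.decompress(blob, -15)  # raw DEFLATE stream, no wrapper
        return "raw-deflate"
    except zlib.error:
        pass
    try:
        zlib.decompress(blob)  # default wbits=15 expects the zlib wrapper
        return "zlib-wrapped"
    except zlib.error:
        pass
    return "uncompressed" if blob.lstrip().startswith(b"<") else "invalid"
```

A value classified as `zlib-wrapped` or `uncompressed` is the kind of request the AADSTS750055 error in this issue points to; `raw-deflate` is the form the quoted answer says Azure AD expects.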

I have the same problem, nothing in the logs

Hi, I didn't even know about the fork, so thank you and hope you can fix it.

Hi @DonutsNL. Any progress on replacing the deflateInit() call?

I am making it configurable in a new version of the plugin. I am also addressing some structural stuff to adopt composer and psr4 namespaces.

That's still a work in progress. Finished working on the main config and got basic CRUD working. Keep an eye out on my repo, I'll be posting updates there.

In the meantime you can disable/enable compression manually in the config.class.php.

Greetings, thank you very much for all your work. How can I test your new version? I have tried to use the repository from git "phpsaml2" but it is still not visible from the plugins in GLPI. Thanks!

I will post some instructions in the repo. Basically it requires you to manually download it and place it inside the marketplace folder in a folder named "glpisaml." Make sure the environment you are using for testing is not a production environment. The plugin is very much a work in progress and not yet functional or production ready. I just finished the configuration interface and would very much like to get some early feedback on that. Rgrds,