Question - Change in SAML behavior (Azure)

Hi There,

We’ve deployed the community version of Eramba, and now the enterprise version, following the steps in here for connecting to Azure AD for SAML Auth.

Question - SAML Configuration for Azure AD - Settings - eramba

I’ve discovered that the Azure Enterprise application breaks with the enterprise version. Within the enterprise version I can test SSO, and it works; however, actually using SSO fails because it looks like the redirect URLs have been hard-coded in the enterprise version to use http.

In the SAML connector in the community version, I see the Redirect URLs listed like:

In the enterprise version I see them as:

Also, on the community version the Sign SAML Request is enabled even though I haven’t entered x509 certs or keys (and it works fine). If I toggle the Sign SAML on the enterprise version it forces me to enter x509 cert and key, but I’m not currently using that.

Hopefully I’ve described this properly.

With regards,

Tim

Just following up on my own question: deploying the code directly does not have the same problem. This was only using the virtual machine available for deployment.

What versions of eramba have you used in each case?

Thanks for the feedback.

On the community version it was c2.8.1.

On the Virtual Machine it was e.20.2.6.

On the enterprise code version that I deployed on my own server it was e20.2.3.

With regards,

Tim

Hello Tim,
What URL do you have in the Cron URL setting? (Settings/crontab)
Regarding the Signed SAML request: if you enable this option, eramba asks you to enter a certificate and key. That sounds correct to me. (I would say there is a bug in community in that these fields are not mandatory.)

URL is https://fqdn

It works fine on installing the source code, so not sure it’s worth digging into it; this appears to be only the VM appliance with an SSL cert installed (Let’s Encrypt).

Thanks though!