Hello Everyone,
I am trying to implement SAML for REST web application. Currently I am using OpenEdge 11.4 version. I have configured appSecurity-basic-saml.xml file with Metadata files of SP and IDP. Now when I try to call REST web application from IDP, It opens an alert box in browser with the message "Authentication Required" and asking for username and password. I have tried username and password stored in tomcat-users.xml but it gives error shown below in log file of REST web application.
ERROR com.progress.rest.security.OESamlProcessingFilter doFilter - User : Username authentication failed: Error in user credentials
Why it is showing an alert box in the first place? What credentials I am suppose to provide in alert box?
Note: IDP is sending assertion in BASE64 encoded form. Please check the alert message that is coming up as attached file.
Thanks in advance,
Anuj J
Hi Anuj,
As you configured SAML, you should provide credentials stored in your IDP. Alert box comes up as you configured basic saml. If you would like to have it as a form in your browser, configure form saml (i.e. appSecurity-form-saml file)
If you would like to use users in tomcat-users.xml file for authentication, you need to configure Container security using appSecurity-container.xml file.
Hope, this helps.
Thanks,
Srinivas Munigala
Hi Srinivas,
I am using OneLogin as IDP, it stores username as NameID not password, and provides this NameID in assertion.
Hi Anuj,
I am not sure how OneLogin works. If you would like to have someone to look into your configuration immediately. Please contact Tech support and log an RFA.