We're using the HTTP redirect binding to provide SAML authentication with the omniauth-saml gem. For testing purposes, we've configured ADFS on a Windows instance and created a URL for the login page.
We're able to log in with some credentials by hitting the URL directly in the browser.
But when we use the omniauth-saml gem to provide the HTTP redirect binding, it shows an "Invalid URI" error. Here's the error backtrace:
System.UriFormatException: Invalid URI: The format of the URI could not be determined.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlSignInContext.ValidateCore()
   at Microsoft.IdentityServer.Web.Protocols.ProtocolContext.Validate()
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.GetRequiredPipelineBehaviors(ProtocolContext pContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.EvaluateHomeRealm(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
Here's the SAML URL:
Here's the Omniauth SAML configuration:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :saml,
    :assertion_consumer_service_url => "https://www.google.com", # Tried some more callback URLs as well
    :issuer => "MyTrust",
    :idp_sso_target_url => "https://ads.DOMAIN.com/adfs/ls/idpinitiatedSignOn.aspx",
    :idp_cert => '-----BEGIN CERTIFICATE-----
MIIDBzCCAe+gAwIBAgIJAIuOuO5YI79hMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMMD2Fkcy5rc29s.........
-----END CERTIFICATE-----'
end
Also, we're using a self-signed certificate for ADFS. But I don't think that should be the problem, as the logs are not showing a certificate-related error.
At last, I was able to fix the problem by updating the "Relying Party Identifier" name to be similar to the "Display Name" of the relying party trust.
Here's the link for more info: https://kb.informatica.com/ipssolution/1/Pages/1/513730.aspx
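
To check what an HTTP redirect-binding request actually sends before comparing it with the relying party trust, the `SAMLRequest` parameter can be decoded and its Issuer and ACS URL read out. This is an added example, not part of the original post and not omniauth-saml code; the helper names, the `example.test` hosts and the sample request are constructed.

```ruby
require "base64"
require "zlib"
require "uri"
require "rexml/document"

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS  = "urn:oasis:names:tc:SAML:2.0:assertion"

# Undo the HTTP-Redirect binding encoding of the SAMLRequest query parameter:
# URL-decode, Base64-decode, then inflate raw DEFLATE data (no zlib header).
def decode_saml_request(redirect_url)
  params = URI.decode_www_form(URI(redirect_url).query.to_s).to_h
  raw = Base64.strict_decode64(params.fetch("SAMLRequest"))
  Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw)
end

# Extract the values the IdP compares with its relying party trust.
def authn_request_fields(xml)
  root = REXML::Document.new(xml).root
  issuer = REXML::XPath.first(root, "saml:Issuer", { "saml" => SAML_NS })
  { issuer: issuer&.text&.strip,
    acs_url: root.attributes["AssertionConsumerServiceURL"],
    destination: root.attributes["Destination"] }
end

# List differences between the request and the IdP-side settings, which the
# caller reads off the relying party trust and passes in.
def trust_mismatches(fields, identifier:, acs_url:)
  { issuer: identifier, acs_url: acs_url }.filter_map do |key, expected|
    "#{key}: request has #{fields[key].inspect}, trust has #{expected.inspect}" unless fields[key] == expected
  end
end

# Constructed sample: build a redirect URL the way an SP would, for offline use.
def sample_redirect_url(issuer, acs_url)
  xml = %(<samlp:AuthnRequest xmlns:samlp="#{SAMLP_NS}" xmlns:saml="#{SAML_NS}" ) +
        %(ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" ) +
        %(Destination="https://idp.example.test/adfs/ls/" AssertionConsumerServiceURL="#{acs_url}">) +
        %(<saml:Issuer>#{issuer}</saml:Issuer></samlp:AuthnRequest>)
  deflated = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS).deflate(xml, Zlib::FINISH)
  "https://idp.example.test/adfs/ls/?" +
    URI.encode_www_form("SAMLRequest" => Base64.strict_encode64(deflated), "RelayState" => "constructed")
end

if __FILE__ == $PROGRAM_NAME
  url = sample_redirect_url("MyTrust", "https://app.example.test/auth/saml/callback")
  fields = authn_request_fields(decode_saml_request(url))
  puts trust_mismatches(fields, identifier: "urn:constructed:rp", acs_url: fields[:acs_url])
end
```

In practice, pass the redirect URL captured from the browser to `decode_saml_request` and supply the identifier and endpoint shown on the relying party trust.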