SAML2 with Azure AD

Hi All,

I’m pretty close to getting SAML functioning, but the callback seems to be slightly broken and I’m kind of stuck…

I get the callback to: https:///auth/saml2/callback and am presented with Whoops, looks like something went wrong. Check your librenms.log…

I tail the librenms log and this is what I see during the callback:
Unknown binding type '' {"exception":"[object] (LightSaml\Error\LightSamlBindingException(code: 0): Unknown binding type '' at /opt/librenms/vendor/litesaml/lightsaml/src/Binding/BindingFactory.php:75)"}

Below is my provider configuration:

{
    "redirect": true,
    "register": true,
    "configs": {
        "saml2": {
            "metadata": "https://login.microsoftonline.com/12b927cf-1be7-4fa2-a67f-5de9d52f96de/federationmetadata/2007-06/federationmetadata.xml?appid=a1661021-0eea-4536-a476-83f58c9bc26c",
            "sp_default_binding_method": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
            "listener": "\\SocialiteProviders\\Saml2\\Saml2ExtendSocialite"
        }
    }
}

********** UPDATE ************
Alright, so it appears that this just impacts the Chrome browser… I’ve cleared cache, restarted browser, all the normal browser-ish things to do, but it still occurs.

Firefox and Safari (on a Mac) do not seem to exhibit this behavior.

I’m having a similar issue. Did you configure the SSO settings within config.php?

I have similar issues with all browsers. librenms.log says:

 {"exception":"[object] (Laravel\\Socialite\\Two\\InvalidStateException(code:0):  at /opt/librenms/vendor/socialiteproviders/saml2/Provider.php:578)"}

If I set SESSION_SAME_SITE_COOKIE=none, all browsers except Chrome are working correctly. If SESSION_SAME_SITE_COOKIE=none, Chrome will just show a “419 Expired” page when pressing the “Login with Saml2” button.

Also it seems that none of the attributes are accepted (when logging in via Firefox)

Has anyone successfully configured SAML2 (maybe with LemonLDAP)?
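
An added example, not part of any post in this thread and not LibreNMS code: a small JavaScript model of the browser SameSite cookie rules that the SESSION_SAME_SITE_COOKIE setting above interacts with. It assumes the IdP returns the SAML response to the callback as a cross-site top-level POST (the HTTP-POST binding in the posted config); all function and field names are hypothetical.

```javascript
// Constructed model of browser SameSite rules; all names here are hypothetical.

// Would the browser store a Set-Cookie with these attributes?
function browserStoresCookie(cookie, browser) {
  // Rule enforced by Chrome: SameSite=None is rejected unless Secure is set.
  if (cookie.sameSite === 'none' && !cookie.secure && browser.noneRequiresSecure) {
    return false;
  }
  return true;
}

// Would a stored cookie be attached to this request?
function cookieSentOnRequest(cookie, request) {
  if (cookie.secure && request.scheme !== 'https') return false;
  if (!request.crossSite) return true;
  if (cookie.sameSite === 'none') return true;
  if (cookie.sameSite === 'lax') {
    // Lax only covers cross-site top-level navigations with safe methods.
    return request.topLevel && ['GET', 'HEAD'].includes(request.method);
  }
  return false; // 'strict': never sent cross-site
}

// Does the session cookie set at login reach the SAML callback?
function sessionReachesCallback(cookie, request, browser) {
  return browserStoresCookie(cookie, browser) && cookieSentOnRequest(cookie, request);
}

// Assumed flow: the IdP returns the SAML response as a cross-site top-level POST.
const postCallback = { scheme: 'https', crossSite: true, topLevel: true, method: 'POST' };
const enforcing = { noneRequiresSecure: true };   // e.g. Chrome
const lenient = { noneRequiresSecure: false };    // browser not enforcing the rule

const scenarios = [
  ['lax', { sameSite: 'lax', secure: false }, enforcing],
  ['none, no Secure, enforcing', { sameSite: 'none', secure: false }, enforcing],
  ['none, no Secure, lenient', { sameSite: 'none', secure: false }, lenient],
  ['none + Secure', { sameSite: 'none', secure: true }, enforcing],
];
for (const [label, cookie, browser] of scenarios) {
  const ok = sessionReachesCallback(cookie, postCallback, browser);
  console.log(`${label}: session cookie ${ok ? 'reaches' : 'does not reach'} the callback`);
}
```

In the model, only a cookie that is both SameSite=None and Secure survives the POST callback in an enforcing browser; Laravel's standard session config reads the Secure flag from SESSION_SECURE_COOKIE, and it only takes effect when the site is served over HTTPS.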