We had the SAML plugin working with our AzureAD, but yesterday after we upgraded to the last commit, we started seeing the following errors when users try to authenticate via SAML:
> Sign in
>
> Sorry, but we’re having trouble signing you in.
>
> AADSTS7500525: There was an XML error in the SAML message at line 1, position 1. Verify that the XML content of the SAML messages conforms to the SAML protocol specifications.
This link ("Azure AD SAML2 request rejected: AADSTS7500525 - Microsoft Q&A") suggests that this can be caused by “Compressed SAML Authentication Requests”, which AzureAD doesn’t support.
December commits have lots of changes on SAML (configuration via site settings, for example), but I was unable to figure out if there was some change related to SAML requests that may have caused this.
SAML config (working OK until the update):
```
## Saml plugin setting
DISCOURSE_SAML_TARGET_URL: https://login.microsoftonline.com/<<our app id>>/saml2
DISCOURSE_SAML_CERT_FINGERPRINT: "<<our fingerprint>>"
DISCOURSE_SAML_REQUEST_METHOD: POST
#DISCOURSE_SAML_FULL_SCREEN_LOGIN: true
DISCOURSE_SAML_CERT: "-----BEGIN CERTIFICATE----- <<Our cert payload>> -----END CERTIFICATE-----"
DISCOURSE_SAML_SYNC_GROUPS: true
DISCOURSE_SAML_GROUPS_ATTRIBUTE: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
DISCOURSE_SAML_GROUPS_FULLSYNC: true
```
How can I enable the auth debug to get more info about this?
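Added example, not part of the original post and not the plugin's own code: a Ruby helper that takes a `SAMLRequest` value captured from the browser's network tab and reports whether it decodes to plain XML (base64 only, as in the HTTP-POST binding) or to DEFLATE-compressed XML (as in the HTTP-Redirect binding), which is the condition the linked Microsoft Q&A thread describes. The sample request and all function names are constructed for illustration.

```ruby
require "zlib"
require "uri"

# Constructed sample AuthnRequest (not taken from the post).
SAMPLE_XML = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' \
             'ID="_example" Version="2.0"/>'

# True when the bytes look like an XML document (optional UTF-8 BOM, then "<").
def xml_start?(bytes)
  bytes.b.delete_prefix("\xEF\xBB\xBF".b).lstrip.start_with?("<")
end

# Classify a captured SAMLRequest parameter value.
# Returns [:plain_xml | :deflated_xml | :unknown, decoded_xml_or_nil].
# Pass url_encoded: true when the value was copied from a query string or raw form body.
def classify_saml_request(param, url_encoded: false)
  param = URI.decode_www_form_component(param) if url_encoded
  raw = param.unpack1("m") # lenient base64 decode
  return [:plain_xml, raw] if xml_start?(raw)

  begin
    # Negative window bits select raw DEFLATE (no zlib header), as SAML redirect encoding uses.
    inflated = Zlib::Inflate.new(-Zlib::MAX_WBITS).inflate(raw)
    return [:deflated_xml, inflated] if xml_start?(inflated)
  rescue Zlib::Error
    # Not a DEFLATE stream either; fall through to :unknown.
  end
  [:unknown, nil]
end

# Helpers that build constructed inputs in both encodings, for comparison.
def encode_post(xml)
  [xml].pack("m0")
end

def encode_redirect(xml)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  [z.deflate(xml, Zlib::FINISH)].pack("m0")
end

if __FILE__ == $PROGRAM_NAME
  puts classify_saml_request(encode_post(SAMPLE_XML)).first
  puts classify_saml_request(encode_redirect(SAMPLE_XML)).first
end
```

A result of `:deflated_xml` for a request sent with `DISCOURSE_SAML_REQUEST_METHOD: POST` would mean the request body is compressed, so its first decoded byte is not `<`.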