Pre-authentication: Users are not redirected to external IdP after upgrading to version 5.5.1

1 users found this article helpful

Symptoms

Users are not redirected to the external Identity Provider (IdP).

In the log files, a similar error can be seen:


2023-06-22 10:29:07.193719+00:00 awinguhost awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779641]: Failed to get SAML pre-auth URL: Incorrect padding
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 160, in get_pre_auth_url
    return get_saml_auth(domain).login(
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 109, in get_saml_auth
    domain.auth_provider.config_get_unboxed('saml_pre_auth_certificate')),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/common/libs/base/models.py", line 201, in config_get_unboxed
    return (unbox_data(item['value'])
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/common/cipher.py", line 261, in unbox_data
    return get_box(key).decrypt(
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/nacl/secret.py", line 137, in decrypt
    ciphertext = encoder.decode(ciphertext)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/nacl/encoding.py", line 90, in decode
    return base64.b64decode(data)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu-python3/lib/python3.11/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding
2023-06-22 10:29:07.194709+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779641]: 127.0.0.1 POST /api/v2/branding/generate-pre-auth-url/?limit=1000 => HTTP 200 (57 msecs)
2023-06-22 10:29:13.455411+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779649]: 127.0.0.1 GET /api/v2/?limit=1000 => HTTP 200 (7 msecs)
2023-06-22 10:29:13.528388+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779649]: 127.0.0.1 GET /api/v2/sessions/current/?limit=1000 => HTTP 401 (4 msecs)
2023-06-22 10:29:13.528858+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779649]: Unauthorized: /api/v2/sessions/current/
2023-06-22 10:29:13.574015+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779651]: 127.0.0.1 GET /api/v2/favicons/image/?dimension=32&extension=png&state=active => HTTP 200 (20 msecs)
2023-06-22 10:29:13.577464+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779641]: 127.0.0.1 GET /api/v2/configuration-info/?limit=1000 => HTTP 200 (13 msecs)
2023-06-22 10:29:13.578861+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779649]: 127.0.0.1 GET /api/v2/branding/?limit=1000 => HTTP 200 (34 msecs)
2023-06-22 10:29:13.660834+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779641]: Failed to get SAML pre-auth URL: Incorrect padding
Traceback (most recent call last):
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 160, in get_pre_auth_url
    return get_saml_auth(domain).login(
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/authproviders/auth/saml.py", line 109, in get_saml_auth
    domain.auth_provider.config_get_unboxed('saml_pre_auth_certificate')),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/common/libs/base/models.py", line 201, in config_get_unboxed
    return (unbox_data(item['value'])
            ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/awingucore/common/cipher.py", line 261, in unbox_data
    return get_box(key).decrypt(
           ^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/nacl/secret.py", line 137, in decrypt
    ciphertext = encoder.decode(ciphertext)
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu/awingu-core/virtualenv/lib/python3.11/site-packages/nacl/encoding.py", line 90, in decode
    return base64.b64decode(data)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/awingu-python3/lib/python3.11/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding
2023-06-22 10:29:13.661566+00:00 awingu awingu-api.service[/opt/awingu/awingu-core/virtualenv/bin/gunicorn:779641]: 127.0.0.1 POST /api/v2/branding/generate-pre-auth-url/?limit=1000 => HTTP 200 (16 msecs)

Cause

This is a known issue in version 5.5.1.

Resolution

Log in as the management user (see Can't login as the management user (local admin) because of SSO/Pre-Authentication Redirection ).

Upgrading to version 5.6.0 will fix the issue.

 

Was this article helpful?

Tell us how we can improve it.