
MCAS integration - SAMLRequest parameter encoding question

    • Bug
    • Resolution: Unresolved
    • Low
    • None
    • 4.1.5
    • SSO

      We are working with Microsoft to set up MCAS proxy to our Data Center Atlassian tools. Microsoft said there is an issue with the SP (Atlassian SSO Data Center app) when crafting the SAMLRequest parameter. We are not so sure this is an issue on your side, but wanted to run it by you. This is Microsoft's explanation:

      The Sign on URL itself is correct to have the "&", i.e. the SAML URL configured for the app should look like:

      https://us.saml.cas.ms/saml/sso_login?orig_idp=https%3A%2F%2Fl...*&*mcastenant=xxxxx

      This is where the syntax error is: the SP creates this "SAMLRequest" XML, then encodes it and sends it to the SAML Proxy URL via POST request. However, the original XML crafted by the SP contains the unescaped "&" character, which must be encoded for the XML to be valid, and for this parameter to properly be processed. So the correct XML (before encoding) for that "SAMLRequest" parameter should look like:

      <samlp:AuthnRequest [...] Destination=[https://us.saml.cas.ms/saml/sso_login?orig_idp=https%3A%2F%2Flo...*&*mcastenant=xxxxx</samlp:AuthnRequest>

      Again, we think it would be on mcas side, but wanted to get your thoughts.
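
The escaping question raised in this ticket can be reproduced offline. The following is an added example, not code from the ticket, from Microsoft, or from the Atlassian app: it builds an AuthnRequest whose Destination contains a query-string "&", once by plain string concatenation and once with the attribute value XML-escaped, then decodes each the way a receiver of the POST binding would. The URL, ID value and function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
# Constructed sample value (not the URL from the ticket): two query parameters joined by '&'.
DESTINATION = ("https://proxy.example.test/saml/sso_login"
               "?orig_idp=https%3A%2F%2Fidp.example.test&tenant=placeholder")

def build_naive(destination):
    """String concatenation: the '&' lands in the attribute value unescaped."""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_example" Version="2.0" '
            'Destination="%s"></samlp:AuthnRequest>' % (SAMLP, destination))

def build_escaped(destination):
    """Same request, with the attribute value XML-escaped ('&' becomes '&amp;')."""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_example" Version="2.0" '
            'Destination=%s></samlp:AuthnRequest>' % (SAMLP, quoteattr(destination)))

def encode_for_post(xml_text):
    """HTTP-POST binding: the request XML is base64-encoded into SAMLRequest."""
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")

def receiver_destination(saml_request):
    """Decode and parse as a receiver would; None means the XML is not well-formed.
    Only constructed input is parsed here; a real receiver should use a hardened parser."""
    xml_text = base64.b64decode(saml_request).decode("utf-8")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    # The parser unescapes '&amp;' back to '&', so the original URL is recovered.
    return root.get("Destination")

if __name__ == "__main__":
    for name, builder in (("naive", build_naive), ("escaped", build_escaped)):
        request = encode_for_post(builder(DESTINATION))
        print(name, "->", receiver_destination(request))
```

The same check can be run against a captured SAMLRequest value to see which side of the integration produced ill-formed XML.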

            [SAMLDC-92] MCAS integration - SAMLRequest parameter encoding question

            Pawel Cieszko made changes -
            Remote Link Original: This issue links to "Page (Confluence)" [ 603057 ]
            Pawel Cieszko made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 731683 ]
            Patryk made changes -
            Status Original: Needs Triage [ 10030 ] New: Long Term Backlog [ 12073 ]
            Owen made changes -
            Workflow Original: SAMLDC Workflow v2 [ 4134168 ] New: JAC Bug Workflow v3 [ 4271283 ]
            Status Original: Open [ 1 ] New: Needs Triage [ 10030 ]
            Daniel Serkowski made changes -
            Remote Link New: This issue links to "AAUTH-606 (Current JIRA)" [ 604221 ]
            Daniel Serkowski made changes -
            Remote Link New: This issue links to "Page (Confluence)" [ 603057 ]
            Patryk made changes -
            Labels New: long-term-backlog
            Patryk made changes -
            Issue Type Original: Support Request [ 5 ] New: Bug [ 1 ]
            Leann Adams created issue -
