Red Hat Bugzilla – Bug 1519310
CloudForms SAML/SSO fails - The requested URL /saml2 was not found on this server
Last modified: 2017-12-07 21:20:35 EST
Description of problem:
Following the documented  implementation of CloudForms SSO using IPA and RH SSO, attempting to log in fails, producing this error in the UI instead:
The requested URL /saml2 was not found on this server.
 Section 22.214.171.124.11, “Configuring External Authentication Using SAML”
Removing the 'Master SAML Processing URL' value from the SSO client configuration resolved the problem.
Version-Release number of selected component (if applicable):
IPA : version: 4.5.0
SSO: Server Version 7.1.3.GA
Steps to Reproduce:
1. Implement as per documented procedure 
2. Attempt log in to CF appliance UI
Error above appears.
Successful log in.
This may simply be a documentation error.
Please confirm my understanding of the issue. The BZ seems to indicate that by removing the Master SAML Processing URL value from the SSO client configuration the issue is resolved. So my understanding is that the documentation may simply need to be updated to suggest removing the Master SAML Processing URL value from the SSO client configuration. Is that correct?
Thank you! JoeV
Hi Joe - agreed, this does simply seem to be a documentation bug for downstream (CloudForms).
Assigning to Dayle for review.
Dayle - see the above for what should be a simple fix to an issue a customer ran into when setting up authentication.
I've removed the "Master SAML Processing URL" line from the table in the procedure under the heading "Configuring the HTTP Server for SAML", which looks like all that is needed for this particular bug.
Would you mind reviewing please? Let me know if you think anything else is needed to be clear.
[@Prasad, if you have other docs fixes needed for the attached case, please let us know of any related BZs.]
Dayle, ack! will open new BZ with my findings soon.
Thank you Chris! I've also backported this to the gaprindshvili and fine branches in https://github.com/ManageIQ/manageiq_docs/pull/607 (merged) and PR #608.
The 4.5 General Configuration guide now includes this change in "126.96.36.199.11. Configuring External Authentication Using SAML":