Error with using SAML

I did everything I needed to do.
I followed this : https://docs.gethue.com/latest/administrator/configuration/server/#saml

env

  • os : ubuntu
  • hue : 4.4.0

step 1. install below
git gcc python-dev swig openssl xmlsec1 libxmlsec1-openssl

step 2. copy metadata from IdP to local

step 3. make a private key and certificate with openssl

step 4. set configuration ini file

[[auth]]
backend=libsaml.backend.SAML2Backend
[libsaml]
xmlsec_binary=/usr/bin/xmlsec1
metadata_file=/opt/cloudera/security/saml/idp-openam-metadata.xml
key_file=/opt/cloudera/security/saml/host.key
cert_file=/opt/cloudera/security/saml/host.pem
username_source=nameid
entity_id=https://myhuedomainname.com/saml2/metadata

step 5. get hue metadata and register it at IdP

I got my hue metadata at : https://myhuedomainname.com/saml2/metadata
and I registered it at the IdP that our company uses.


I think I did everything right.

But when I access https://myhuedomainname.com,
my browser is redirected to: https://myhuedomainname.com/saml2/login/?next=/
and then I get an error that I cannot solve.

It is an empty screen that is redirected to the same URL again and again.

In the browser console, I got this error:

i18n.js:17 Uncaught ReferenceError: HUE_I18n is not defined
at I18n (i18n.js:17)
at Module…/desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js (hue-bundle-298542530f223cd290f0.js:sourcemap:36878)
at webpack_require (hue-bundle-298542530f223cd290f0.js:sourcemap:104)
at Module…/desktop/core/src/desktop/js/jquery/jquery.common.js (hue-bundle-298542530f223cd290f0.js:sourcemap:36409)
at webpack_require (hue-bundle-298542530f223cd290f0.js:sourcemap:104)
at Module…/desktop/core/src/desktop/js/hue.js (hue-bundle-298542530f223cd290f0.js:sourcemap:36152)
at webpack_require (hue-bundle-298542530f223cd290f0.js:sourcemap:104)
at Object.0 (hue-bundle-298542530f223cd290f0.js:sourcemap:93924)
at webpack_require (hue-bundle-298542530f223cd290f0.js:sourcemap:104)
at checkDeferredModules (hue-bundle-298542530f223cd290f0.js:sourcemap:65)
I18n @ i18n.js:17
./desktop/core/src/desktop/js/jquery/plugins/jquery.filechooser.js @ hue-bundle-298542530f223cd290f0.js:sourcemap:36878
webpack_require @ hue-bundle-298542530f223cd290f0.js:sourcemap:104
./desktop/core/src/desktop/js/jquery/jquery.common.js @ hue-bundle-298542530f223cd290f0.js:sourcemap:36409
webpack_require @ hue-bundle-298542530f223cd290f0.js:sourcemap:104
./desktop/core/src/desktop/js/hue.js @ hue-bundle-298542530f223cd290f0.js:sourcemap:36152
webpack_require @ hue-bundle-298542530f223cd290f0.js:sourcemap:104
0 @ hue-bundle-298542530f223cd290f0.js:sourcemap:93924
webpack_require @ hue-bundle-298542530f223cd290f0.js:sourcemap:104
checkDeferredModules @ hue-bundle-298542530f223cd290f0.js:sourcemap:65
(anonymous) @ hue-bundle-298542530f223cd290f0.js:sourcemap:241
(anonymous) @ hue-bundle-298542530f223cd290f0.js:sourcemap:244
bootstrap-tooltip.js:326 Uncaught TypeError: Cannot read property 'fn' of undefined
at bootstrap-tooltip.js:326
at bootstrap-tooltip.js:361
(anonymous) @ bootstrap-tooltip.js:326
(anonymous) @ bootstrap-tooltip.js:361
bootstrap-typeahead-touchscreen.js:317 Uncaught TypeError: Cannot read property 'fn' of undefined
at bootstrap-typeahead-touchscreen.js:317
at bootstrap-typeahead-touchscreen.js:358
(anonymous) @ bootstrap-typeahead-touchscreen.js:317
(anonymous) @ bootstrap-typeahead-touchscreen.js:358
bootstrap-better-typeahead.min.js:12 Uncaught TypeError: Cannot read property 'extend' of undefined
at bootstrap-better-typeahead.min.js:12
at bootstrap-better-typeahead.min.js:12
(anonymous) @ bootstrap-better-typeahead.min.js:12
(anonymous) @ bootstrap-better-typeahead.min.js:12
popover-extra-placements.js:113 Uncaught ReferenceError: jQuery is not defined
at popover-extra-placements.js:113
(anonymous) @ popover-extra-placements.js:113
?next=/:113 Uncaught ReferenceError: Dropzone is not defined
at ?next=/:113
(anonymous) @ ?next=/:113

Below are the Hue logs:

[23/Sep/2019 21:50:34 +0000] middleware INFO Redirecting to login page: /
[23/Sep/2019 21:50:34 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" (mem: 158mb)-- login redirection
[23/Sep/2019 21:50:34 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET / HTTP/1.1" returned in 1ms (mem: 158mb)
[23/Sep/2019 21:50:34] "GET / HTTP/1.1" 302 0
[23/Sep/2019 21:50:34] "GET /static/desktop/js/bundles/hue/hue-bundle-facb48d1fb2c72ee1343.js.map HTTP/1.1" 200 7139914
[23/Sep/2019 21:50:35 +0000] access DEBUG 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" (mem: 158mb)
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]}
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]}
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, None)
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => {'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}], 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect': [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]}
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service(http://sts.secsso.net/adfs/services/trust, idpsso_descriptor, single_sign_on_service, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect)
[23/Sep/2019 21:50:35 +0000] mdstore DEBUG service => [{'binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'class': 'urn:oasis:names:tc:SAML:2.0:metadata&SingleSignOnService', 'location': 'https://sts.secsso.net/adfs/ls/'}]
[23/Sep/2019 21:50:35 +0000] client INFO destination to provider: https://sts.secsso.net/adfs/ls/
[23/Sep/2019 21:50:35 +0000] entity INFO REQUEST: <?xml version='1.0' encoding='UTF-8'?>
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://sbc-hue.mgmt.dev.com/saml2/acs/" Destination="https://sts.secsso.net/adfs/ls/" ID="id-PAYGwummPPJq8D6Xl" IssueInstant="2019-09-24T04:50:35Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sbc-hue.mgmt.dev.com/saml2/metadata/</saml:Issuer><samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" /></samlp:AuthnRequest>
[23/Sep/2019 21:50:35 +0000] client INFO AuthNReq: <?xml version='1.0' encoding='UTF-8'?>
<samlp:AuthnRequest xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://sbc-hue.mgmt.dev.com/saml2/acs/" Destination="https://sts.secsso.net/adfs/ls/" ID="id-PAYGwummPPJq8D6Xl" IssueInstant="2019-09-24T04:50:35Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Version="2.0"><saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://sbc-hue.mgmt.dev.com/saml2/metadata/</saml:Issuer><samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" /></samlp:AuthnRequest>
[23/Sep/2019 21:50:35 +0000] entity INFO HTTP REDIRECT
[23/Sep/2019 21:50:35 +0000] views WARNING User is using Hue 3 UI
[23/Sep/2019 21:50:35 +0000] decorators INFO AXES: Calling decorated function: dt_login
[23/Sep/2019 21:50:35 +0000] decorators INFO args: (True,)
[23/Sep/2019 21:50:35 +0000] access INFO 210.94.41.89, 34.96.109.171 -anon- - "GET /saml2/login/ HTTP/1.1" returned in 250ms (mem: 158mb)

I tried it with hue 4.0.0 version but it works

I resolved it by setting 'redirect_whitelist'.
I just thought it was not mandatory, but it is.
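
The fix reported above was setting redirect_whitelist. As an added example (not from the original post and not Hue's own code), this script audits candidate values against the redirect targets visible in the log above. It assumes each comma-separated entry is a regular expression matched from the start of the redirect URL; the candidate values and the unintended targets are constructed.

```python
import re

def parse_whitelist(value):
    """Compile a comma-separated list of regexes (entries cannot contain commas)."""
    return [re.compile(p.strip()) for p in value.split(",") if p.strip()]

def is_allowed(url, patterns):
    """Assumed semantics: a redirect passes if any pattern matches from its start."""
    return any(p.match(url) for p in patterns)

def audit(value, expected, unintended):
    """Return (expected targets that are blocked, unintended targets that pass)."""
    patterns = parse_whitelist(value)
    blocked = [u for u in expected if not is_allowed(u, patterns)]
    leaked = [u for u in unintended if is_allowed(u, patterns)]
    return blocked, leaked

# Redirect targets taken from the post: local login path and the IdP SSO endpoint
# (the SAMLRequest query value is a constructed placeholder).
EXPECTED = [
    "/",
    "/saml2/login/?next=/",
    "https://sts.secsso.net/adfs/ls/?SAMLRequest=constructed",
]
# Constructed targets that a whitelist should never accept.
UNINTENDED = [
    "https://sts.secsso.net.example.org/adfs/ls/",  # IdP name used as a prefix
    "//unintended.example.org/",                     # protocol-relative URL
]

# Constructed candidate values for redirect_whitelist.
LOCAL_ONLY = r"^\/.*$"                               # no IdP entry at all
LOOSE = r"^\/.*$,^https://sts.secsso.net"            # IdP added, but unanchored
STRICT = r"^(\/[a-zA-Z0-9]+.*|\/)$,^https:\/\/sts\.secsso\.net\/.*$"

if __name__ == "__main__":
    for name, value in [("LOCAL_ONLY", LOCAL_ONLY), ("LOOSE", LOOSE), ("STRICT", STRICT)]:
        blocked, leaked = audit(value, EXPECTED, UNINTENDED)
        print(f"{name}: blocked={blocked} leaked={leaked}")
```

A value is usable when both lists come back empty: every redirect the SAML login needs is allowed, and nothing outside the local site and the IdP is.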