SAML 2.0 Error When Logging in via SSO

Hello,

I’ve successfully set up SAML 2.0 SSO with our Azure AD identity provider, but when attempting to log in we’re getting the following error:

{"responseMeta":{"status":500,"success":false,"error":{"code":"500","message":"Internal Server Error"}},"errorDisplay":"500: Internal Server Error"}

In the “Backend” log we see the following error:

[2023-04-06 20:18:10,414] - [761dbcfa-65] 500 Server Error for HTTP GET "/login/oauth2/code/keycloak?state=mws9XBIVU__mStCzOOy2EMrNDrtXIW7m_W5X7AES2WQ%40origin-%2Fapplications&session_state=50a55361-da84-4e47-961b-4dfa21f8b351&code=8aedbffc-cfd7-4c81-beb7-aaf966e3ceb5.50a55361-da84-4e47-961b-4dfa21f8b351.06d634f1-b409-4884-8ff3-495934cbf2ee"
org.springframework.web.reactive.function.client.WebClientRequestException: connection timed out: caspiandev.waterfallam.com/44.203.109.39:443
at org.springframework.web.reactive.function.client.ExchangeFunctions$DefaultExchangeFunction.lambda$wrapException$9(ExchangeFunctions.java:136)
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
Error has been observed at the following site(s):
*__checkpoint ⇢ Request to POST https://caspiandev.waterfallam.com/auth/realms/appsmith/protocol/openid-connect/token [DefaultWebClient]
*__checkpoint ⇢ OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ OAuth2AuthorizationRequestRedirectWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ AuthenticationWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HttpHeaderWriterWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ ServerWebExchangeReactorContextWebFilter [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.security.web.server.WebFilterChainProxy [DefaultWebFilterChain]
*__checkpoint ⇢ org.springframework.web.filter.reactive.ServerHttpObservationFilter [DefaultWebFilterChain]
*__checkpoint ⇢ HTTP GET "/login/oauth2/code/keycloak?state=mws9XBIVU__mStCzOOy2EMrNDrtXIW7m_W5X7AES2WQ%40origin-%2Fapplications&session_state=50a55361-da84-4e47-961b"

Any assistance would be greatly appreciated

Hey @ogray,

Thank you for bringing this to our attention. Let me loop our engineering team in here to take a look.

Could you provide the version of your instance and the instance logs, please?

You can grab the logs by running docker logs -f appsmith, or you could follow the steps from this guide on how to get the logs.

Version: Appsmith Business v1.9.13

Output of docker logs -f appsmith is too large to paste here it seems

Hello @ogray, can you try sharing these logs with us via email at support@appsmith.com? Please include the URL of this conversation in the body of the mail for reference.

Also, can you confirm if your server is able to contact Appsmith? Try running docker-compose exec appsmith curl -v https://caspiandev.waterfallam.com and share with us whatever output you get.

I’ve just sent the logs to support@appsmith.com and referenced this thread.

I get this output when running that command:

ubuntu@ip-172-31-3-205:~$ docker-compose exec appsmith curl -v https://caspiandev.waterfallam.com
/snap/docker/2746/lib/python3.6/site-packages/paramiko/transport.py:32: CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core team. Therefore, support for it is deprecated in cryptography. The next release of cryptography (40.0) will be the last to support Python 3.6.
from cryptography.hazmat.backends import default_backend

Hi @ogray, Apologies for the late response.
Is this the entire response you got when you ran the command?

Yes, that is the entire response

Upgrading Docker and Docker-compose before doing the initial installation and allowing the public IP via port 443 in the AWS Security Group used by the EC2 instance resolved the issue.

Thank you for updating us here @ogray! Please mark your message as the solution for this thread so that others can easily find it.
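
Added example, not part of any post in this thread and not Appsmith code: a small triage of a backend log like the one quoted above. It separates the browser redirect, which returned with a code, from the server-side token request that timed out, which is consistent with the port 443 security-group fix reported here. The sample log is constructed with placeholder host, IP and parameter values, and the function and field names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample modelled on the backend log in this thread; host, IP,
# state and code values are placeholders, not taken from a real system.
SAMPLE_LOG = '''\
[2023-04-06 20:18:10,414] - [abc-1] 500 Server Error for HTTP GET "/login/oauth2/code/keycloak?state=STATE&code=CODE"
org.springframework.web.reactive.function.client.WebClientRequestException: connection timed out: idp.example.test/203.0.113.10:443
*__checkpoint ⇢ Request to POST https://idp.example.test/auth/realms/appsmith/protocol/openid-connect/token [DefaultWebClient]
*__checkpoint ⇢ OAuth2LoginAuthenticationWebFilter [DefaultWebFilterChain]
'''

# "<reason>: <host>/<ipv4>:<port>" as it appears after the exception class name.
EXC_RE = re.compile(
    r"WebClientRequestException: (?P<reason>.+?): "
    r"(?P<host>[^/\s:]+)/(?P<ip>[\d.]+):(?P<port>\d+)\s*$", re.M)
# The outbound request recorded by the first checkpoint line.
CHECKPOINT_RE = re.compile(r"checkpoint \S+ Request to (?P<method>[A-Z]+) (?P<url>\S+)")
# The OAuth2 callback: its presence with code= means the browser leg finished.
CALLBACK_RE = re.compile(r'HTTP GET \W?/login/oauth2/code/(?P<reg>[\w-]+)\?[^"\s]*\bcode=')

def triage(log_text):
    """Describe which leg of the login failed, or return None if no match."""
    exc = EXC_RE.search(log_text)
    if exc is None:
        return None
    call = CHECKPOINT_RE.search(log_text)
    callback = CALLBACK_RE.search(log_text)
    url = call.group("url") if call else None
    # Keycloak token endpoint path, as seen in the thread's log.
    token_leg = bool(url) and urlsplit(url).path.endswith("/protocol/openid-connect/token")
    if exc.group("reason").lower() == "connection timed out":
        hint = "no reply to TCP connect: check firewall / security-group rules for this ip:port"
    else:
        hint = "not a timeout: read the reason text as logged"
    return {
        "browser_leg_completed": callback is not None,
        "registration": callback.group("reg") if callback else None,
        "failed_leg": "token exchange (server to IdP)" if token_leg else "other outbound call",
        "host": exc.group("host"),
        "target": f'{exc.group("ip")}:{exc.group("port")}',
        "hint": hint,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A result with `browser_leg_completed` true and `failed_leg` set to the token exchange points at network reachability from the application server to the token endpoint, not at the SAML or OIDC settings themselves.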