This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SAML2 Single SingOn

Go to solution
imran_khatyan
MEGA Partner
MEGA Partner

‎19-12-2020 04:34 PM

Hello, 

Getting the following error and ends in access_denied any idea: 

The signature verified correctly with the key contained in the signature, but that key is not trusted

regards, 

0 Likes
29 Replies

Go to solution
rsutcliffe
MEGA
MEGA
In response to ibra22

‎26-05-2023 02:54 PM

@ibra22 

There are two things I notice. The return URL is HTTP but the other URLS are HTTPS. So, I believe you will want to update that URL to be HTTPS like the others. 

I may be wrong, but I believe you want the return URL to be /Hopex instead of /UAS/AuthServices/Acs

/Hopex is the entry point of the tool, so I believe that where it wants to return. 

I hope this helps 🙂

Kind regards,

Ryan

US Support 

0 Likes

Go to solution
ibra22
Super Contributor

‎26-05-2023 05:46 AM

hi @imran_khatyan   @ikn ,

I am getting the same error after receiving the SAML response. Could you please have a look at the attached screenshot and tell me if the SAML configs I've done is right.

Preview file
105 KB
0 Likes

Go to solution
rsutcliffe
MEGA
MEGA

‎25-05-2023 03:19 PM

Hello @ibra22,

I am not sure if this is an issue, but from your screenshot two weeks ago, I notice the return URL is an IP address. I believe it is better practice to use a server name or a friendly name. 

Regarding the authentication mode for the user, for SSO you will want to use 'Custom' authentication.

Kind regards,

Ryan 

US Support

 

0 Likes

Go to solution
rsutcliffe
MEGA
MEGA

‎24-05-2023 11:13 PM

Hello @ibra22 

To be honest, we are starting to reach the limits of my SSO knowledge. I am happy to try a little bit more to see if we can get to the bottom of this. 

Which version of Hopex are you using?

In your screenshot from 2 weeks ago I notice the return URL contains an IP address. This might not be causing any issues, but I believe it is best practice to have this be the server name / friendly name (perhaps try testing both iteratively). 

Regarding Authentication mode for the user, when leveraging SSO, you will want to use 'Custom' mode.

Kind regards,

Ryan

US Support

0 Likes

Go to solution
ibra22
Super Contributor
In response to ibra22

‎24-05-2023 12:03 PM

Hi @rsutcliffe ,

Could you please tell me what should be the authentication mode in case of using SSO?

I mean, for logins, there is authentication mode (LDAP,MEGA,windows) so in case of SSO what it should be?

0 Likes

Go to solution
ibra22
Super Contributor
In response to rsutcliffe

‎12-05-2023 06:28 AM - edited ‎12-05-2023 06:30 AM

Thank you @rsutcliffe , I configured the SSL as below also I activated the SAML auth option under Identity providers.

The thing is when I test it, It's supposed that MEGA send a SAML request but can't see that request also in the SAML configs, they mentioning the SAML button label "Single Sign on", I can't see that neither

Screenshot (73).png

 

0 Likes

Go to solution
rsutcliffe
MEGA
MEGA
In response to ibra22

‎11-05-2023 08:56 PM

Hello @ibra22 

 

I am glad that the second links were more helpful. It is difficult for me to say further what the issue is without a more complete diagnostic of the config. Additionally, I personally have only minor experience working with SSO. With that being said one thing that I know is very important to configuring the SSO correctly is to properly define the location of the metadata file. The metadata file is typically stored somewhere locally on the server, and this location must be referenced in Hopex config.

How to define metadata location:

V4

Administration.exe > R click Hopex > Options > Modify > Options > Installation > Authentication > Identity Provider > SAML2 > Location of Metadata file

Note: There is other important information to populate on this page.

rsutcliffe_0-1683831061738.png

 

V5

Login to HAS Console > Modules > Authentication > Identity Providers > Create > Metadata location

rsutcliffe_1-1683831247026.png

rsutcliffe_2-1683831298109.png

Note that there are three tabs of various information to populate. 

 

I hope that this helps 🙂

Kind regards,

Ryan 

US Support

0 Likes

Go to solution
ibra22
Super Contributor
In response to rsutcliffe

‎11-05-2023 09:46 AM

Thank you @rsutcliffe  your reply really helped me generate the metadata and I shared it with the IdP.

But to test it:

- from the administration, I activated the SAML2 authentication and configured SAML2 as well

- When I tried to login I could see the SAML request initiated by MEGA to the IdP

What could be the issue?

0 Likes

Go to solution
rsutcliffe
MEGA
MEGA
In response to ibra22

‎03-05-2023 05:03 PM

You're welcome. My apologies the original link was not as helpful as I hoped. 

In the documentation, there are references to the EntityID / ACS endpoint
V4 > https://doc.mega.com/hopex-v4-en/#page/Deploy/HOPEX_Unified_Authentication_Service.OKTA_Configuratio...

V5 > https://doc.mega.com/hopex-v5-en/#page/Deploy/HOPEX_Unified_Authentication_Service_V5.Configuration_...

 

I hope that this is helpful 🙂

 

Kind regards,

0 Likes

Go to solution
ibra22
Super Contributor
In response to rsutcliffe

‎03-05-2023 01:01 PM

Thank you rsutcliffe for your reply,

I've gone through the links you shared and nothing mentioned on how to generate the metadata file, however, I got to use an online tool to generate it but it ask for Entity Id and ACS endpoint. Any idea how to get those information out of MEGA?

0 Likes
MEGA International © 1994 - 2024. All rights reserved