by Tommy Nyholm.
Hi,
I need help in getting SSO to work between Moodle 3.0 (SP) and Salesforce (IdP).
As I am fairly new to Moodle, Salesforce and SSO, I cannot figure out what's failing. A basic test against shibtest.org was successful.
SAML2-plugin: "SAML2 Single sign on" version 2017021700
The Moodle SAML2-plugin configuration:
- IdP metadata: Some config: entityID=https://..salesforce.com; WantAuthnRequestsSigned=false
- Signing certificate is valid.
- SP Metadata: entityID=https://moodle.com/auth/saml2/sp/metadata.php; AuthnRequestsSigned=true; AssertionConsumerService Location=https://..moodle.com/auth/saml2/sp/saml2-acs.php/..moodle.com
- SP Metadata signature: Signing the SP Metadata is set to Yes.
- IdP to Moodle mapping: "email" and "Email Address"
- Data Mapping: is not configured at this stage.
The Moodle test account user@email.com is configured to use SAML2 as authentication method.
user@email.com also exists in Salesforce using the same password.
Part of the Salesforce configuration I have got from the other company.
SAML SP Settings:
- Entity ID: https://..moodle.com/auth/saml2/sp/metadata.php;
- ACS URL: https://..moodle.com/auth/saml2/sp/saml2-acs.php/..moodle.com
- Issuer: https://..salesforce.com
- Verify Request Signatures: no value set
- Subject Type: Federation ID
Test logging in at the Salesforce site as user@email.com:
- When logged in, clicking the MoodleApp opens a second tab in the web browser where the user is redirected to ..
- https://..moodle.com/login/index.php as expected. But the "Username" field is empty. Shouldn't it contain user@email.com?
- Therefore, clicking on "Login via SAML2" results in an exception (NOSTATE), clicking "Continue" gives a second exception (ACSPARAMS), and the third time ends in "Secure Connection Failed".
Debugging steps:
- I have run both tests (using "isPassive" and "isAuthenticated and login") both with the same response from the IdP, see attached isPassive_isAuthenticated.txt file.
- I also captured SAML2 and Moodle debug data. Please see the attached error.log.
Tommy