SecureAuth SSO Integration



Anyone have any luck with SecureAuth SSO integration with their Jamf Pro Software Server? I am not our SecureAuth engineer but I have been advised that they followed the Ping Identity (https://www.jamf.com/jamf-nation/articles/439/configuring-single-sign-on-with-ping-identity) guide for configuring SecureAuth as closely as they could and then I took care of the JSS side. When enabled, I am getting an SSO error when hitting our instance. Here is the log information:

Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:229)
    at org.springframework.security.saml.SAMLAuthenticationProvider.authenticate(SAMLAuthenticationProvider.java:87)
    ... 46 more
Caused by: org.opensaml.common.SAMLException: Assertion invalidated by subject confirmation - can't be confirmed by the bearer method
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifySubject(WebSSOProfileConsumerImpl.java:400)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:296)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
    ... 47 more

Would be willing to start from scratch if anyone has had luck setting up SecureAuth with JSS. TIA!

Best answer by jbjahn

  • July 27, 2018

Well, my SecureAuth engineer was able to fix this. The response I got was:

It was the “SubjectConfirmationData Not Before” setting. I set it to False… and now it works.

That's all I got, hoping this helps someone else.
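
The SAML 2.0 Web Browser SSO profile requires that bearer SubjectConfirmationData carry no NotBefore attribute, which is consistent with the fix reported above. The following is an added example, not part of the original thread and not Jamf or SecureAuth code: it checks a captured assertion against the bearer rules, using a constructed, unsigned sample and a hypothetical ACS URL, and it does not validate signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
ACS_URL = "https://jss.example.com/saml/SSO"  # hypothetical placeholder

def parse_ts(value):
    # SAML timestamps are UTC xs:dateTime values such as 2018-07-27T12:05:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def bearer_problems(assertion_xml, acs_url, now):
    """Return why no bearer confirmation is usable; an empty list means one is."""
    root = ET.fromstring(assertion_xml)
    problems = []
    for sc in root.iterfind(".//saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            continue
        data = sc.find("saml:SubjectConfirmationData", NS)
        if data is None:
            problems.append("no SubjectConfirmationData")
            continue
        found = []
        if data.get("NotBefore") is not None:
            found.append("NotBefore present")  # forbidden for bearer
        noa = data.get("NotOnOrAfter")
        if noa is None:
            found.append("NotOnOrAfter missing")
        elif parse_ts(noa) <= now:
            found.append("NotOnOrAfter expired")
        if data.get("Recipient") != acs_url:
            found.append("Recipient mismatch")
        if not found:
            return []  # one acceptable bearer confirmation is enough
        problems.extend(found)
    return problems or ["no bearer SubjectConfirmation"]

# Constructed sample assertion (not taken from the thread).
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData {attrs}/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>"""
NOW = datetime(2018, 7, 27, 12, 1, tzinfo=timezone.utc)
WINDOW = 'NotOnOrAfter="2018-07-27T12:05:00Z" Recipient="%s"' % ACS_URL
WITH_NB = TEMPLATE.format(attrs='NotBefore="2018-07-27T11:55:00Z" ' + WINDOW)
WITHOUT_NB = TEMPLATE.format(attrs=WINDOW)
print(bearer_problems(WITH_NB, ACS_URL, NOW), bearer_problems(WITHOUT_NB, ACS_URL, NOW))
```

The NotBefore on the assertion's Conditions element is a separate attribute and is not examined here.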


tdclark
  • December 13, 2018

Do you have any additional documentation that you found on this? I'm in the same boat with SecureAuth and I am intrigued by your post! Thanks!


  • September 1, 2020

Sharing screenshots of our working POST Auth config in SecureAuth version 9.2 using group-based auth in the SAML assertion. Make sure to have these groups created on the Jamf side. Also tested to support user matching via the UPN attribute. If matching against user accounts, make sure to have the full UPN value created on the Jamf side.

