Anyone have any luck with SecureAuth SSO integration with their Jamf Pro Software Server? I am not our SecureAuth engineer, but I have been advised that they followed the Ping Identity (https://www.jamf.com/jamf-nation/articles/439/configuring-single-sign-on-with-ping-identity) guide for configuring SecureAuth as closely as they could, and then I took care of the JSS side. When enabled, I am getting an SSO error when hitting our instance. Here is the log information:
Caused by: org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
    ... 46 more
Caused by: org.opensaml.common.SAMLException: Assertion invalidated by subject confirmation - can't be confirmed by the bearer method
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifySubject(WebSSOProfileConsumerImpl.java:400)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.verifyAssertion(WebSSOProfileConsumerImpl.java:296)
    at org.springframework.security.saml.websso.WebSSOProfileConsumerImpl.processAuthenticationResponse(WebSSOProfileConsumerImpl.java:214)
    ... 47 more
Would be willing to start from scratch if anyone has had luck setting up SecureAuth with JSS. TIA!
Sharing screenshots of our working POST Auth config in SecureAuth version 9.2 using group-based auth in the SAML assertion. Make sure to have these groups created on the Jamf side. Also, tested to support user matching via the UPN attribute. If matching against user accounts, make sure to have the full UPN value created on the Jamf side.
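For troubleshooting the "can't be confirmed by the bearer method" error in the log above, here is an added example (not code from this thread, Jamf, SecureAuth or Spring Security) that reports which bearer SubjectConfirmation conditions a decoded assertion fails. The checks are modelled on the SAML 2.0 Web Browser SSO profile; the function name, the sample assertion, the `jamf.example.com` ACS URL and the request ID are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def _ts(value):  # SAML instants are UTC xs:dateTime, e.g. 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def bearer_failures(assertion_xml, acs_url, request_id, now, skew=timedelta(seconds=60)):
    """Return reasons why no bearer SubjectConfirmation is acceptable ([] = one passes)."""
    root = ET.fromstring(assertion_xml)
    reasons = []
    for sc in root.iterfind(".//saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") != BEARER:
            reasons.append(f"Method is {sc.get('Method')!r}, not bearer")
            continue
        data = sc.find("saml:SubjectConfirmationData", NS)
        if data is None:
            reasons.append("no SubjectConfirmationData")
            continue
        problems = []
        if data.get("NotBefore") is not None:
            problems.append("NotBefore must not be set for bearer")
        expiry = data.get("NotOnOrAfter")
        if expiry is None:
            problems.append("NotOnOrAfter missing")
        elif _ts(expiry) + skew <= now:
            problems.append(f"expired at {expiry} (check IdP/SP clock sync)")
        if data.get("Recipient") != acs_url:
            problems.append(f"Recipient {data.get('Recipient')!r} != ACS URL {acs_url!r}")
        irt = data.get("InResponseTo")
        if irt is not None and irt != request_id:
            problems.append(f"InResponseTo {irt!r} != request ID {request_id!r}")
        if not problems:
            return []  # one valid bearer confirmation is enough
        reasons.extend(problems)
    return reasons or ["assertion has no SubjectConfirmation"]

# Constructed sample: Recipient points at the host root instead of the ACS endpoint.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID>user@example.com</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData Recipient="https://jamf.example.com/"
     NotOnOrAfter="2024-01-01T12:05:00Z" InResponseTo="_req1"/>
  </saml:SubjectConfirmation></saml:Subject></saml:Assertion>"""

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    print(bearer_failures(SAMPLE, "https://jamf.example.com/saml/SSO", "_req1", now))
```

This only inspects the subject-confirmation attributes of an already decoded assertion; it does not verify the XML signature and is not a substitute for the service provider's own validation.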