SimpleSamlPhp + YouTrack

Hello, I’m trying to configure authorization between the IdP (simplesamlphp) and the SP (YouTrack). Authorization passes, but for some reason a new user is created after each authorization. When I disabled allowedCreateNewUsers, an authorization error appeared.

IdP logs:

Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] User 'myAcc@mail.ru' successfully authenticated from 127.0.0.1(myIp)
Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] saml20-idp-SSO-first https://mySite.ru/admin/hub/ https://mySiteIdp.ru/simplesaml/saml2/idp/metadata.php NA
Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] saml20-idp-SSO https://mySite.ru/admin/hub/ https://mySiteIdp.ru/simplesaml/saml2/idp/metadata.php NA
Aug 16 11:53:43 simplesamlphp ERROR [7d68960d97] Unable to generate NameID. Check the userid.attribute option.
Aug 16 11:53:43 simplesamlphp WARNING [7d68960d97] Falling back to transient NameID.

My configuration in the IdP:

$metadata['https://mySite.ru/admin/hub/'] = array (
    'entityid' => 'https://mySite.ru/admin/hub/',
    'contacts' =>
    array (
        0 =>
        array (
            'contactType' => 'technical',
            'givenName' => 'Сергей',
            'emailAddress' =>
            array (
                0 => 'myAcc@mail.ru',
            ),
        ),
    ),
    'metadata-set' => 'saml20-sp-remote',
    'AssertionConsumerService' =>
    array (
        0 =>
        array (
            'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location' => 'https://mySite.ru/hub/api/rest/oauth2/interactive/login/5e790176-35ad-4081-91d3-37900718551f/land',
            'index' => 1,
        ),
    ),
    'SingleLogoutService' =>
    array (
    ),
    'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    'validate.authnrequest' => false,
    'saml20.sign.assertion' => false,
);

Logs in YouTrack do not say anything.

What could be the problem? IDP works with 2 more SP.
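
The IdP log above shows SimpleSAMLphp failing to build a NameID from a user attribute and falling back to a transient one, which has a different value on every login, so an SP has no stable identifier to match a returning user against. As an added example (not part of the original post, and not SimpleSAMLphp or YouTrack code), this Python script scans log lines in the layout shown above and lists each login where that fallback happened, with the user and SP entity ID; the second sample session and its values are constructed.

```python
import re
from collections import defaultdict

# Layout taken from the log lines in the post: syslog timestamp, process name,
# level, optional STAT marker, [tracking id], message.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) simplesamlphp (?P<level>\w+)(?: STAT)? "
    r"\[(?P<track>[0-9a-f]+)\] (?P<msg>.*)$"
)
SSO = re.compile(r"^saml20-idp-SSO (?P<sp>\S+) (?P<idp>\S+)")
USER = re.compile(r"^User '(?P<user>[^']*)' successfully authenticated")
FALLBACK = "Falling back to transient NameID."

def transient_fallbacks(lines):
    """Return one finding per login whose NameID fell back to transient."""
    sessions = defaultdict(dict)  # tracking id -> facts seen for that login
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a SimpleSAMLphp line in the expected layout
        s, msg = sessions[m["track"]], m["msg"]
        if (u := USER.match(msg)):
            s["user"] = u["user"]
        elif (sso := SSO.match(msg)):
            s["sp"] = sso["sp"]
        elif msg == FALLBACK:
            s["ts"] = m["ts"]
    return [
        {"track": t, "time": s["ts"], "user": s.get("user"), "sp": s.get("sp")}
        for t, s in sessions.items() if "ts" in s
    ]

# First session: lines from the post. Second session: constructed, no fallback.
SAMPLE = """\
Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] User 'myAcc@mail.ru' successfully authenticated from 127.0.0.1(myIp)
Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] saml20-idp-SSO-first https://mySite.ru/admin/hub/ https://mySiteIdp.ru/simplesaml/saml2/idp/metadata.php NA
Aug 16 11:53:43 simplesamlphp NOTICE STAT [7d68960d97] saml20-idp-SSO https://mySite.ru/admin/hub/ https://mySiteIdp.ru/simplesaml/saml2/idp/metadata.php NA
Aug 16 11:53:43 simplesamlphp ERROR [7d68960d97] Unable to generate NameID. Check the userid.attribute option.
Aug 16 11:53:43 simplesamlphp WARNING [7d68960d97] Falling back to transient NameID.
Aug 16 12:02:10 simplesamlphp NOTICE STAT [a1b2c3d4e5] User 'user@example.org' successfully authenticated from 192.0.2.10
Aug 16 12:02:10 simplesamlphp NOTICE STAT [a1b2c3d4e5] saml20-idp-SSO https://sp.example.org/ https://mySiteIdp.ru/simplesaml/saml2/idp/metadata.php NA
""".splitlines()

if __name__ == "__main__":
    for f in transient_fallbacks(SAMPLE):
        print(f"{f['time']} [{f['track']}] transient NameID for {f['user']} -> {f['sp']}")
```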

1 comment
Official comment

Sergey, could you please create a support request with this question?

https://youtrack-support.jetbrains.com/hc/en-us/requests/new?ticket_form_id=66282

Please attach screenshots with the settings of your Auth module in YouTrack + a screenshot of the profile of some user that was created instead of matching with an existing one + share the full logs of your YouTrack.

Thank you.