Issues integrate with Zammad

Infos:

• Used Zammad version: 6.4.1-45
• Used Zammad installation type: docker compose
• Operating system: RHLE 9
• Browser + version: Safari

Expected behavior:

• Login using SSO with no problem

Actual behavior:

• get error " 422: The change you wanted was rejected.

Message from saml: invalid_ticket"

Steps to reproduce the behavior:

• I integrate like apper flow this step Integrate with Zammad | authentik

but I can’t login using SSO:

Autentik log: (authorized )

image1495×999 163 KB

zammad log

2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.043753#1-184640]  INFO -- : Started POST "/api/v1/signshow" for 10.89.0.110 at 2025-03-09 23:01:10 -0500
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.070256#1-184640]  INFO -- : Processing by SessionsController#show as JSON
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.070471#1-184640]  INFO -- :   Parameters: {"fingerprint"=>-255276612}
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.348346#1-184640]  INFO -- : Completed 200 OK in 277ms (Views: 19.2ms | ActiveRecord: 12.9ms | Allocations: 33614)
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.395294#1-184820]  INFO -- : Started GET "/api/v1/translations/lang/en-us?_=1741579270002" for 10.89.0.110 at 2025-03-09 23:01:10 -0500
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.415498#1-184820]  INFO -- : Processing by TranslationsController#lang as JSON
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.415816#1-184820]  INFO -- :   Parameters: {"_"=>"1741579270002", "locale"=>"en-us"}
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.720331#1-184820]  INFO -- : Completed 200 OK in 304ms (Views: 89.1ms | ActiveRecord: 152.4ms | Allocations: 38056)
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.833233#1-184720]  INFO -- : Started GET "/api/v1/system_assets/product_logo/1741564292" for 10.89.0.110 at 2025-03-09 23:01:10 -0500
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.869101#1-184720]  INFO -- : Processing by SystemAssetsController#show as HTML
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.870234#1-184720]  INFO -- :   Parameters: {"identifier"=>"product_logo", "timestamp"=>"1741564292"}
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.905166#1-184720]  INFO -- : Sent data logo (1.7ms)
2025-03-09T23:01:10-05:00 I, [2025-03-09T23:01:10.912475#1-184720]  INFO -- : Completed 200 OK in 42ms (Views: 0.8ms | ActiveRecord: 14.1ms | Allocations: 2539)
2025-03-09T23:01:13-05:00 I, [2025-03-09T23:01:13.765881#1-184200]  INFO -- : Started POST "/auth/saml" for 10.89.0.110 at 2025-03-09 23:01:13 -0500
2025-03-09T23:01:24-05:00 I, [2025-03-09T23:01:24.854581#1-184800]  INFO -- : Started POST "/auth/saml/callback" for 10.89.0.110 at 2025-03-09 23:01:24 -0500
2025-03-09T23:01:24-05:00 E, [2025-03-09T23:01:24.908304#1-184800] ERROR -- : (saml) Authentication failure! invalid_ticket: OneLogin::RubySaml::ValidationError, Found an unexpected number of Signature Element. SAML Response rejected
2025-03-09T23:01:24-05:00 I, [2025-03-09T23:01:24.935886#1-184640]  INFO -- : Started GET "/auth/failure?message=invalid_ticket&origin=https%3A%2F%2Fsupport.riopacifico.net%2F&strategy=saml" for 10.89.0.110 at 2025-03-09 23:01:24 -0500
2025-03-09T23:01:24-05:00 I, [2025-03-09T23:01:24.951448#1-184640]  INFO -- : Processing by SessionsController#failure_omniauth as HTML
2025-03-09T23:01:24-05:00 I, [2025-03-09T23:01:24.951639#1-184640]  INFO -- :   Parameters: {"message"=>"invalid_ticket", "origin"=>"https://support.riopacifico.net/", "strategy"=>"saml"}
2025-03-09T23:01:24-05:00 E, [2025-03-09T23:01:24.962988#1-184640] ERROR -- : Message from saml: invalid_ticket (Exceptions::UnprocessableEntity)
2025-03-09T23:01:24-05:00 app/controllers/sessions_controller.rb:146:in `failure_omniauth'
2025-03-09T23:01:24-05:00 app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction'
2025-03-09T23:01:24-05:00 I, [2025-03-09T23:01:24.968676#1-184640]  INFO -- : Completed 422 Unprocessable Entity in 17ms (Views: 2.3ms | ActiveRecord: 2.4ms | Allocations: 2409)
2025-03-09T23:02:22-05:00 I, [2025-03-09T23:02:22.562338#1-184820]  INFO -- : Started GET "/api/v1/cti/log?_=1741578786150" for 10.89.0.110 at 2025-03-09 23:02:22 -0500
2025-03-09T23:02:22-05:00 I, [2025-03-09T23:02:22.587032#1-184820]  INFO -- : Processing by CtiController#index as JSON
2025-03-09T23:02:22-05:00 I, [2025-03-09T23:02:22.587207#1-184820]  INFO -- :   Parameters: {"_"=>"1741578786150"}
2025-03-09T23:02:22-05:00 I, [2025-03-09T23:02:22.628008#1-184820]  INFO -- : Completed 200 OK in 41ms (Views: 0.6ms | ActiveRecord: 9.4ms | Allocations: 5349)
2025-03-09T23:02:25-05:00 I, [2025-03-09T23:02:25.800250#1-184720]  INFO -- : Started GET "/api/v1/online_notifications/?full=true&_=1741578786151" for 10.89.0.110 at 2025-03-09 23:02:25 -0500
2025-03-09T23:02:25-05:00 I, [2025-03-09T23:02:25.813621#1-184720]  INFO -- : Processing by OnlineNotificationsController#index as JSON
2025-03-09T23:02:25-05:00 I, [2025-03-09T23:02:25.813841#1-184720]  INFO -- :   Parameters: {"full"=>"true", "_"=>"1741578786151"}
2025-03-09T23:02:25-05:00 I, [2025-03-09T23:02:25.866625#1-184720]  INFO -- : Completed 200 OK in 53ms (Views: 0.5ms | ActiveRecord: 13.1ms | Allocations: 6490)