Infos:
- Used Zammad version: 3.6.0
- Used Zammad installation source: Debian Package
- Operating system: Debian 10
- Browser + version: Chromium / Firefox
Expected behavior:
- Getting redirected to SAML Login Page (Keycloak)
Actual behavior:
- Getting a page with the title “422: Unprocessable Entity” after clicking on the SAML button on the login page, without getting redirected to the IdP.
This is logged to the production.log when I click the SAML button:
```
I, [2021-02-11T10:30:22.553049 #28193-47414657253800] INFO -- : Started POST "/auth/saml" for -ipremoved- at 2021-02-11 10:30:22 +0000
I, [2021-02-11T10:30:22.560099 #28193-47414657253800] INFO -- : (saml) Request phase initiated.
F, [2021-02-11T10:30:22.572916 #28193-47414657253800] FATAL -- :
F, [2021-02-11T10:30:22.573089 #28193-47414657253800] FATAL -- : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
F, [2021-02-11T10:30:22.573218 #28193-47414657253800] FATAL -- :
F, [2021-02-11T10:30:22.573357 #28193-47414657253800] FATAL -- : vendor/bundle/ruby/2.6.0/gems/omniauth-rails_csrf_protection-0.1.2/lib/omniauth/rails_csrf_protection/token_verifier.rb:34:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:209:in `request_call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:188:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:192:in `call!'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/strategy.rb:169:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/omniauth-1.9.1/lib/omniauth/builder.rb:45:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/tempfile_reaper.rb:15:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/etag.rb:27:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/conditional_get.rb:40:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/head.rb:12:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/http/content_security_policy.rb:18:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:266:in `context'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/session/abstract/id.rb:260:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/cookies.rb:670:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/callbacks.rb:28:in `block in call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/callbacks.rb:98:in `run_callbacks'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/callbacks.rb:26:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/debug_exceptions.rb:61:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/show_exceptions.rb:33:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:38:in `call_app'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:26:in `block in call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:71:in `block in tagged'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:28:in `tagged'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/tagged_logging.rb:71:in `tagged'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/rack/logger.rb:26:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/remote_ip.rb:81:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/request_id.rb:27:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/method_override.rb:24:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/runtime.rb:22:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/activesupport-5.2.4.4/lib/active_support/cache/strategy/local_cache_middleware.rb:29:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/executor.rb:14:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/actionpack-5.2.4.4/lib/action_dispatch/middleware/static.rb:127:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/rack-2.2.3/lib/rack/sendfile.rb:110:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/railties-5.2.4.4/lib/rails/engine.rb:524:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/configuration.rb:227:in `call'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:706:in `handle_request'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:476:in `process_client'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/server.rb:334:in `block in run'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/puma-3.12.6/lib/puma/thread_pool.rb:135:in `block in spawn_thread'
[f183a632-2725-4ff4-94c6-05fc0401f788] vendor/bundle/ruby/2.6.0/gems/logging-2.2.2/lib/logging/diagnostic_context.rb:474:in `block in create_with_logging_context'
```
Steps to reproduce the behavior:
- Add a SAML Provider at Third-Party Application and try to use it.
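
The log above shows the OmniAuth request phase being rejected by the CSRF token check before any redirect to the IdP happens. As an added example (not part of the original post and not Zammad code), the following Ruby correlates `Started POST "/auth/<provider>"` lines with a later `InvalidAuthenticityToken` from the same worker, so such rejections can be counted per provider and client in a `production.log`. The sample lines are constructed from the format shown in the post, with documentation IP addresses and a second, hypothetical `github` request that succeeds.

```ruby
# Added example: find OmniAuth request-phase POSTs that were rejected by the
# CSRF token check. SAMPLE_LOG is constructed (format copied from the post,
# IP addresses and the "github" request are made up).
SAMPLE_LOG = <<~'LOG'
  I, [2021-02-11T10:30:22.553049 #28193-47414657253800] INFO -- : Started POST "/auth/saml" for 192.0.2.10 at 2021-02-11 10:30:22 +0000
  I, [2021-02-11T10:30:22.560099 #28193-47414657253800] INFO -- : (saml) Request phase initiated.
  F, [2021-02-11T10:30:22.572916 #28193-47414657253800] FATAL -- :
  F, [2021-02-11T10:30:22.573089 #28193-47414657253800] FATAL -- : ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
  I, [2021-02-11T10:31:02.000001 #28193-47414657250000] INFO -- : Started POST "/auth/github" for 192.0.2.11 at 2021-02-11 10:31:02 +0000
  I, [2021-02-11T10:31:02.000900 #28193-47414657250000] INFO -- : (github) Request phase initiated.
LOG

# severity letter, timestamp, "pid-thread" worker id, then the message
LINE    = /\A(?<sev>[A-Z]), \[(?<ts>\S+) #(?<worker>[\d-]+)\]\s+\w+ -- : ?(?<msg>.*)\z/
STARTED = /\AStarted POST "\/auth\/(?<provider>[\w-]+)" for (?<ip>\S+)/
CSRF    = 'ActionController::InvalidAuthenticityToken'

# Returns one hash per /auth/<provider> POST that ended in a CSRF rejection.
def csrf_rejections(log)
  open_requests = {} # worker id => auth request currently being handled
  findings = []
  log.each_line(chomp: true) do |raw|
    m = LINE.match(raw) or next # skip continuation lines (stack frames)
    if (s = STARTED.match(m[:msg]))
      open_requests[m[:worker]] = { provider: s[:provider], ip: s[:ip], started: m[:ts] }
    elsif m[:sev] == 'F' && m[:msg].start_with?(CSRF)
      req = open_requests.delete(m[:worker])
      findings << req.merge(rejected: m[:ts]) if req
    elsif m[:msg].start_with?('Started ')
      # the worker moved on to an unrelated request; forget the auth request
      open_requests.delete(m[:worker])
    end
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  csrf_rejections(SAMPLE_LOG).each do |f|
    puts "#{f[:rejected]} CSRF rejection on /auth/#{f[:provider]} from #{f[:ip]}"
  end
end
```

A single provider failing for every client, as in this report, points at configuration or the login form not sending the token; scattered rejections from individual clients are the check doing its job.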