Issue: “Not allow” or “Not allowed” error on /samlassertion endpoint during Single Sign-On (SSO) process.
Possible Cause: The Drupal site is configured to only accept requests from trusted URLs, and the origin of the SAML response is not listed as a trusted site.
How to resolve it?
-
- Inspect the SAML response: Use a SAML Tracer extension in your browser to inspect the SAML response. This will help you identify the origin URL of the SAML response causing the issue. (Refer to this FAQ for more information)
- Find the origin URL in the SAML response: In the SAML tracer window please find and click on the SAML response URL (https://{base_url_of_site}/samlassertion). In the HTTP window of the SAML Tracer, find the origin URL.
- Edit CORS Configuration: Locate the service.yml file in your Drupal installation directory (/sites/default/services.yml).
- Add the origin URL to the “allowedOrigins” key: Look for the “allowedOrigins” key in the services.yml file. It should be an array that specifies the trusted sites. Add the origin URL obtained from the SAML response to this array.
- Clear the Drupal site cache: Save the modified services.yml file and clear the cache of your Drupal site. This step ensures that the changes take effect.
- Inspect the SAML response: Use a SAML Tracer extension in your browser to inspect the SAML response. This will help you identify the origin URL of the SAML response causing the issue. (Refer to this FAQ for more information)
Once all these steps are done try performing SSO again. The error should be resolved by now.
Please note that the steps provided here are general guidelines, and the exact process may vary depending on your Drupal version and configuration. Please contact drupalsupport@xecurify.com for more help.
