I see an error “Not allow” or “Not allowed” while performing SSO:


Issue: “Not allow” or “Not allowed” error on /samlassertion endpoint during Single Sign-On (SSO) process.

Possible Cause: The Drupal site is configured to only accept requests from trusted URLs, and the origin of the SAML response is not listed as a trusted site.

How to resolve it?

    1. Inspect the SAML response: Use a SAML Tracer extension in your browser to inspect the SAML response. This will help you identify the origin URL of the SAML response causing the issue. (Refer to this FAQ for more information)
    2. Find the origin URL in the SAML response: In the SAML Tracer window, find and click on the SAML response URL (https://{base_url_of_site}/samlassertion). In the HTTP window of the SAML Tracer, find the origin URL.
    3. Edit CORS Configuration: Locate the services.yml file in your Drupal installation directory (/sites/default/services.yml).
    4. Add the origin URL to the “allowedOrigins” key: Look for the “allowedOrigins” key in the services.yml file. It should be an array that specifies the trusted sites. Add the origin URL obtained from the SAML response to this array.
    5. Clear the Drupal site cache: Save the modified services.yml file and clear the cache of your Drupal site. This step ensures that the changes take effect.
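
The edit from steps 3 and 4, shown as a services.yml fragment. This is an added example, not taken from the original page or from the module's own documentation. Both hostnames are constructed placeholders, and the `parameters` / `cors.config` nesting follows Drupal core's default.services.yml.

```yaml
# sites/default/services.yml (fragment)
#
# https://idp.example.com is a constructed placeholder. Replace it with the
# Origin value copied from SAML Tracer for the request to /samlassertion.
# https://app.example.com stands for an origin that was already trusted.
parameters:
  cors.config:
    # Other cors.config keys (enabled, allowedHeaders, allowedMethods,
    # exposedHeaders, maxAge, supportsCredentials) stay as they are.

    # Before: the identity provider's origin is missing from the list,
    # so its request to /samlassertion is rejected.
    # allowedOrigins: ['https://app.example.com']

    # After: the identity provider's origin is added as one more entry.
    # - Use the origin only: scheme + host (+ port if non-default).
    # - No path and no trailing slash.
    # - Add the single origin you observed instead of widening the list
    #   to ['*'], which would make every site a trusted origin.
    allowedOrigins:
      - 'https://app.example.com'
      - 'https://idp.example.com'

# After saving, clear the Drupal cache (for example with `drush cr`)
# so the changed service parameters are picked up.
```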

Once all these steps are done, try performing SSO again. The error should now be resolved.

Please note that the steps provided here are general guidelines, and the exact process may vary depending on your Drupal version and configuration. Please contact drupalsupport@xecurify.com for more help.

