Taiga-okta authentication using SAML plugin gets 405 error

Hi, I have a Taiga server installed using source code. I managed to get the saml-auth-contrib plugin to work for Okta. So when I press “sign in with saml”, I get redirected to our Okta sign-in. I get authenticated fine (we’re seeing Okta authentication successful). But when it returns to my Taiga URL, it shows a 405 not allowed error.



Can you help me check this? As per the instructions on the plugin, most of the SP details are set automatically. But on the Okta side, it’s set as:

CORS_ALLOW_ALL_ORIGINS = True

# Other options you might consider:
CORS_ALLOW_CREDENTIALS = True
CORS_ALLOW_HEADERS = [
    'content-type',
    'authorization',
]

I’m stuck on what else could be the issue.

Thank you!

Hi there,

First of all, we do not use that plugin, so we probably won’t be of much help. You may try to contact the plugin author on GitHub, but seeing how long it has not been updated, maybe that won’t be of help either.

However, the issue is that you are trying to make a POST request to the discover page, which does not support the POST method. We do not have a Single Logout URL, so as per the Okta documentation, you should probably use the main SP URL.

Hope this helps,

Best regards!

For some reason I got this working :sweat_smile: or at least the errors on the plugin are gone. But now I’m facing an issue with account creation. Is Taiga made to manually create the account and not based on other authentication methods? The Taiga server config seems fine. Okta authentication is successful and redirects normally, but then the Taiga server doesn’t recognize the credentials/account.

I’m using the official docker compose and recommended env properties, no SSO, but still get an HTTP 405 error when trying to log in.

I’m running on a local NAS setup (TrueNAS on ugreen NAS).
The docs were not really helpful as they contained wrong URLs. Using the container network names, I finally got Taiga running properly, but the last remaining issue is the login now:

2024-12-20 18:18:51.315585+00:00 192.168.0.150 - - [20/Dec/2024:18:18:51 +0000] "GET /v-1721729942015/images/favicon.png HTTP/1.1" 200 6979 "http://192.168.0.117:9000/login?next=%252Fdiscover" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
2024-12-20 18:18:51.609646+00:00 192.168.0.150 - - [20/Dec/2024:18:18:51 +0000] "GET /v-1721729942015/images/notification-decoration.png HTTP/1.1" 200 10317 "http://192.168.0.117:9000/login?next=%252Fdiscover" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"
2024-12-20 18:18:53.553553+00:00 192.168.0.150 - - [20/Dec/2024:18:18:53 +0000] "POST /api/v1/auth HTTP/1.1" 405 157 "http://192.168.0.117:9000/login?next=%252Fdiscover" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0" "-"

I did not change any config beyond the standard .env, docker-compose.yml and taiga.conf for nginx, so the POST comes from the frontend…

At this point, I’m really p(uzzl|?ss)ed…
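
For picking the refused request out of an access log like the one in the post above, here is an added example (not code from Taiga, the plugin, or any poster in this thread). It parses nginx-style entries even when they are run together on one line with the container timestamp fused onto the client address, and reports which method, path and referring page received a 405. The function names and the shortened two-entry sample are assumptions made for this example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# One access-log entry. The optional leading group is the container runtime's
# timestamp, which in the pasted log sits directly against the client address;
# its fixed-width UTC offset is what makes that boundary unambiguous.
ENTRY = re.compile(
    r'(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+[+-]\d{2}:\d{2})?\s*'
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) - \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def parse_entries(log_text):
    """Return every entry as a dict, whether or not entries are newline-separated."""
    return [m.groupdict() for m in ENTRY.finditer(log_text)]


def rejected_methods(log_text):
    """Count (method, request path, referring page) for responses with status 405."""
    hits = Counter()
    for e in parse_entries(log_text):
        if e["status"] == "405":
            key = (e["method"], urlsplit(e["target"]).path, urlsplit(e["referer"]).path)
            hits[key] += 1
    return hits


# Constructed sample: two entries shaped like the excerpt in the post, joined on one line.
UA = "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
REF = "http://192.168.0.117:9000/login?next=%252Fdiscover"
SAMPLE = (
    f'2024-12-20 18:18:51.315585+00:00192.168.0.150 - - [20/Dec/2024:18:18:51 +0000] '
    f'"GET /v-1721729942015/images/favicon.png HTTP/1.1" 200 6979 "{REF}" "{UA}" "-" '
    f'2024-12-20 18:18:53.553553+00:00192.168.0.150 - - [20/Dec/2024:18:18:53 +0000] '
    f'"POST /api/v1/auth HTTP/1.1" 405 157 "{REF}" "{UA}" "-"'
)

if __name__ == "__main__":
    for (method, path, page), n in rejected_methods(SAMPLE).items():
        print(f"{n}x 405 for {method} {path} (requested from {page})")
```

The output names the endpoint that refused the method, which is the URL to compare against the reverse-proxy routing or, in the SAML case, against the URL the identity provider posts back to.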