History | Log In     View a printable version of the current page.  
Issue Details (XML | Word | Printable)

Key: QB-3766
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Major Major
Assignee: Robin Shen
Reporter: Thrasys Admin
Votes: 0
Watchers: 0

If you were logged in you would be able to see more operations.

SSO Exception with AzureAD Received invalid SAML response: The Response has an InResponseTo attribute: ONELOGIN....

Created: 26/Jul/21 05:26 PM   Updated: 29/Jul/21 11:14 PM
Component/s: None
Affects Version/s: 11.0.7
Fix Version/s: 11.0.10

Original Estimate: Unknown Remaining Estimate: Unknown Time Spent: Unknown

 Description  « Hide
To recreate "the Response has an InResponseTo attribute" error in the QB logs by leaving QuickBuild at the login page for +40 seconds
without logging in and then attempting to use SSO to log in.
Also sometimes get the error if I sign out of QuickBuild and then try to log back in quickly, but for the most part sign out/wait 40 seconds/try to log in seems to break it every time.

When it fails, the client then gets an error like this and is not logged into QB:
Message: invalid_response
The Response has an InResponseTo attribute: ONELOGIN_ea35ba25-0bcf-458f-b3fa-1e92574af60a while no InResponseTo was expected

Root cause:

com.pmease.quickbuild.QuickbuildException: invalid_response
The Response has an InResponseTo attribute: ONELOGIN_ea35ba25-0bcf-458f-b3fa-1e92574af60a while no InResponseTo was expected
at com.pmease.quickbuild.plugin.ssoprovider.saml.SamlProvider.processLoginResponse(SamlProvider.java:165)
at com.pmease.quickbuild.plugin.ssoprovider.saml.SamlProvider$$EnhancerByCGLIB$$501621d3.CGLIB$processLoginResponse$3(<generated>)
at com.pmease.quickbuild.plugin.ssoprovider.saml.SamlProvider$$EnhancerByCGLIB$$501621d3$$FastClassByCGLIB$$b6d7c027.invoke(<generated>)
at net.sf.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at com.pmease.quickbuild.DefaultScriptEngine$Interpolator.intercept(DefaultScriptEngine.java:261)
at com.pmease.quickbuild.plugin.ssoprovider.saml.SamlProvider$$EnhancerByCGLIB$$501621d3.processLoginResponse(<generated>)
at com.pmease.quickbuild.web.page.SSOLoginPage.<init>(SSOLoginPage.java:36)
at jdk.internal.reflect.GeneratedConstructorAccessor160.newInstance(Unknown Source).....

If you click "Back to Dashboard" and try to log in again (within 40 seconds), it works fine and you are able to stay connected/logged into QB just fine. FYI - I was able to create this issue in QB10 as well as QB11.
These articles might be related:



 All   Comments   Work Log   Change History      Sort Order:
Robin Shen [26/Jul/21 11:53 PM]
This normally happens when the url currently accessing is not the same as registered at SAML side. Please make sure all of below are the same:
1. The server url specified in system setting
2. The url you are visiting
3. The url you registered at SAML side (plus various suffix such as "sso-login" and "saml" of course)

Thrasys Admin [27/Jul/21 06:37 PM]
We have verified all those settings.
It works fine if you don't let login page sit for 1 minute before clicking sso button..
Seems after that it fails.
Then it works fine the second time.

Robin Shen [27/Jul/21 11:07 PM]
Please check QB system setting to see what is the session timeout value is defined as.

Thrasys Admin [27/Jul/21 11:52 PM]
I believe it is the default:

Robin Shen [29/Jul/21 01:53 AM]
Looks like for security reason, Chrome does not allow cookie to live for more than 1 minute when redirect back from other sites with POST requests. To solve the problem, the session tracking cookie will be re-generated at the time of clicking the "SSO login" button. The fix is released in QB 11.0.10:

Please test if this works for you.

Thrasys Admin [29/Jul/21 10:50 PM]
yes that fixes this issue. thanks