I'm trying to use Azure AD SAML for authenticating to Rapid7 InsightVM (Nexpose)
I have the Enterprise Application registered in AAD, with the EntityID provided from the InsightVM configuration. The Azure configuration has been set to sign SAML responses and queries.
On InsightVM, I have the SAML Auth enabled, and have pasted in the metadata downloaded from Azure. I have created a new user with the username and email address corresponding to my Azure principal, and set the SAML auth method for it. I then restarted the insightvm console.
My problems are:
- First, there seems to be no 'SAML Login' button on the InsightVM login page.
- Secondly, when I try to test the login using the Azure SAML, I get the message:
  The SAML credentials are invalid. Please contact your System Administrator.
The log files (set to DEBUG level) only show this in nsc.log:
[Thread: http-nio-443-exec-1=/saml/SSO] Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
Nothing in auth.log.
It is unclear why the login is being rejected.
Prior to creating the user in the database, auth.log would show this (email address changed for privacy):
2020-11-09T00:13:15 [WARN] [Thread: http-nio-443-exec-7=/data/user/login] [User ID: [email protected]] Unable to determine login module for user, defaulting to XML.
2020-11-09T00:13:15 [INFO] [Thread: http-nio-443-exec-7=/data/user/login] [Principal: [email protected]] [Cause: Credentials are not valid.] Authentication attempt failed.
Once the user with SAML auth and the correct userid was added, this stopped appearing, but the login was still rejected with the same error message.
Has anyone managed to make this work? What might I be doing wrong here?
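The log line quoted above shows only that the Response signature verified; the rejection has to come from a later check (status, issuer, audience, validity window, or the subject not matching a local account). The script below is an added troubleshooting example, not code from the original post and not Rapid7's own code. It decodes a SAMLResponse value captured from the browser's POST to /saml/SSO and summarises those fields so they can be compared with the console's configuration. It assumes the service provider matches the assertion's NameID exactly against the local username (an assumption about InsightVM, not something the post confirms); the tenant id, hostname, audience, user and timestamps in the embedded sample are constructed placeholders.

```python
"""Summarise the fields an SP checks in a SAML 2.0 Response after the
signature has been validated.  Added example; assumes the SP compares the
NameID to the local username.  All sample values are constructed."""
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: placeholder tenant, host, audience and user.  The
# Signature elements are omitted on purpose; the console log already reports
# the signature check as passing, so only the remaining fields are inspected.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_resp1" Version="2.0" IssueInstant="2020-11-09T00:13:15Z"
    Destination="https://insightvm.example.test/saml/SSO">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-11-09T00:13:15Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.test</saml:NameID>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-11-09T00:08:15Z" NotOnOrAfter="2020-11-09T01:13:15Z">
      <saml:AudienceRestriction><saml:Audience>urn:insightvm:example</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>user@example.test</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def decode_saml_response(form_value: str) -> str:
    """Decode the base64 SAMLResponse form parameter captured from the browser."""
    return base64.b64decode(form_value).decode("utf-8")


def parse_instant(value: str) -> datetime:
    """Parse an xsd:dateTime like 2020-11-09T00:13:15Z (fractional seconds tolerated)."""
    value = value.rstrip("Z").split(".", 1)[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def summarize(xml_text: str) -> dict:
    """Extract status, issuer, subject, audience, validity window and attributes."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plain-text Assertion found (EncryptedAssertion?)")
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    cond = assertion.find("saml:Conditions", NS)
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}

    def instant(attr):
        return parse_instant(cond.get(attr)) if cond is not None and cond.get(attr) else None

    return {
        "status": status.get("Value") if status is not None else None,
        "issuer": (assertion.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "name_id": name_id.text.strip() if name_id is not None and name_id.text else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "audience": assertion.findtext(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS),
        "not_before": instant("NotBefore"),
        "not_on_or_after": instant("NotOnOrAfter"),
        "attributes": attrs,
    }


def check(summary: dict, expected_issuer: str, expected_audience: str,
          local_username: str, now: datetime) -> list:
    """Return human-readable mismatches between the assertion and the SP's config."""
    findings = []
    if summary["status"] != SUCCESS:
        findings.append(f"IdP status is {summary['status']!r}, not Success")
    if summary["issuer"] != expected_issuer:
        findings.append(f"Issuer {summary['issuer']!r} != metadata entityID {expected_issuer!r}")
    if summary["audience"] != expected_audience:
        findings.append(f"Audience {summary['audience']!r} != SP EntityID {expected_audience!r}")
    if summary["not_before"] and now < summary["not_before"]:
        findings.append("assertion not yet valid: check clock skew between IdP and console")
    if summary["not_on_or_after"] and now >= summary["not_on_or_after"]:
        findings.append("assertion expired: check clock skew between IdP and console")
    if summary["name_id"] != local_username:  # assumed exact, case-sensitive match
        findings.append(f"NameID {summary['name_id']!r} ({summary['name_id_format']}) "
                        f"does not equal local username {local_username!r}")
    return findings


if __name__ == "__main__":
    s = summarize(SAMPLE_RESPONSE)
    print({k: v for k, v in s.items() if k != "attributes"})
    print(check(s, "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
                "urn:insightvm:example", "user", datetime.now(timezone.utc)))
```

For a real capture, pass the SAMLResponse form field through decode_saml_response() before summarize(), and compare the printed NameID value and Format against the username typed into the InsightVM user record, the Audience against the EntityID that the console configuration handed to Azure, and the NotBefore/NotOnOrAfter window against the console's clock. An empty findings list means the usual post-signature checks line up and the cause lies elsewhere.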