<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Fri Feb 09 00:25:23 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODLOGSAML-69] No valid subject assertion found in response SSO</title>
                <link>https://folio-org.atlassian.net/browse/MODLOGSAML-69</link>
                <project id="10181" key="MODLOGSAML">mod-login-saml</project>
                    <description>&lt;p&gt;Steps to reproduce: &lt;br/&gt;
1. Go to chalmers.folio.ebsco.com &lt;br/&gt;
2. Click Log in via SSO to sign in as a staff user &lt;br/&gt;
3. On the Chalmers login page, log in with your credentials &lt;/p&gt;

&lt;p&gt;Expected result: I am redirected to the FOLIO landing page, where I can see my apps ans start working. &lt;/p&gt;

&lt;p&gt;Actual result: I am redirected to a blank page with only the text &#8221;No valid subject assertion found in response&#8221;. Further details: I tested this a few times (in incognito mode). Some of the times the &#8221;No valid subject assertion found in response&#8221; message showed up after the Chalmers login page, as stated above, some times just after I had clicked Log in via SSO. Every time I was able to get past the error page and on into FOLIO by refreshing the page one or two times. When I got the error message, I also noted a failed POST request in developer tools. I&apos;ll attach an image of that later. In dev tools, I noted that the error message comes from a failed POST request to &lt;a href=&quot;https://okapi-chalmers.folio.ebsco.com/_/invoke/tenant/fs00001000/saml/callback&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://okapi-chalmers.folio.ebsco.com/_/invoke/tenant/fs00001000/saml/callback&lt;/a&gt;. Will add more details about that in a comment. See attached screencast for a full walkthrough of the steps.&lt;/p&gt;

&lt;p&gt;Interested parties:  &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5afc1ced2083b15a0bd3e494&quot; class=&quot;user-hover&quot; rel=&quot;5afc1ced2083b15a0bd3e494&quot; data-account-id=&quot;5afc1ced2083b15a0bd3e494&quot; accountid=&quot;5afc1ced2083b15a0bd3e494&quot; rel=&quot;noreferrer&quot;&gt;Lisa Sj&#246;gren&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Could be related to : &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-28&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-org.atlassian.net/browse/MODLOGSAML-28&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="73302">MODLOGSAML-69</key>
            <summary>No valid subject assertion found in response SSO</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                            <parent id="78961">SUP-12</parent>
                                    <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="-1">Unassigned</assignee>
                                                                <reporter accountid="5d6eeadef989e00d8c7e897b">Anya</reporter>
                                    <labels>
                    </labels>
                <created>Mon, 3 Aug 2020 21:04:51 +0000</created>
                <updated>Wed, 5 Aug 2020 08:29:26 +0000</updated>
                            <resolved>Tue, 4 Aug 2020 16:09:46 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                <comments>
                                                            <comment id="177288" author="5d6eeadef989e00d8c7e897b" created="Mon, 3 Aug 2020 21:25:17 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cffed1a5d548b0c51d6b19b&quot; class=&quot;user-hover&quot; rel=&quot;5cffed1a5d548b0c51d6b19b&quot; data-account-id=&quot;5cffed1a5d548b0c51d6b19b&quot; accountid=&quot;5cffed1a5d548b0c51d6b19b&quot; rel=&quot;noreferrer&quot;&gt;Anton Emelianov&lt;/a&gt;- could we have library priority added to this - and it is high &lt;/p&gt;</comment>
                                                            <comment id="177289" author="5cffed1a5d548b0c51d6b19b" created="Mon, 3 Aug 2020 21:52:49 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5d6eeadef989e00d8c7e897b&quot; class=&quot;user-hover&quot; rel=&quot;5d6eeadef989e00d8c7e897b&quot; data-account-id=&quot;5d6eeadef989e00d8c7e897b&quot; accountid=&quot;5d6eeadef989e00d8c7e897b&quot; rel=&quot;noreferrer&quot;&gt;Anya&lt;/a&gt;, the &quot;Customer Priority&quot; filed has been added to the UX project and I set it to &quot;Important&quot; which is 1 below &quot;Critical&quot;. Why are you creating this bug in the UX project? &lt;/p&gt;</comment>
                                                            <comment id="177290" author="5d6eeadef989e00d8c7e897b" created="Mon, 3 Aug 2020 22:47:25 +0000"  >&lt;p&gt;Changed the project to Mod-log-saml &lt;/p&gt;</comment>
                                                            <comment id="177291" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 13:59:36 +0000"  >&lt;p&gt;I was able to reproduce this on the Chalmers site only.  I do not see the issue when using folio-testing/ssocircle for example.&lt;/p&gt;

&lt;p&gt;At the request of &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5afc1ced2083b15a0bd3e494&quot; class=&quot;user-hover&quot; rel=&quot;5afc1ced2083b15a0bd3e494&quot; data-account-id=&quot;5afc1ced2083b15a0bd3e494&quot; accountid=&quot;5afc1ced2083b15a0bd3e494&quot; rel=&quot;noreferrer&quot;&gt;Lisa Sj&#246;gren&lt;/a&gt; I&apos;m moving part of a conversation here for additional contex and continuing the conversation here.&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;Craig McNally&lt;br/&gt;
Has anything changed recently, either on the IdP or FOLIO side?&lt;/p&gt;

&lt;p&gt;Lisa Sj&#246;gren &lt;br/&gt;
The Chalmers SSO service had some kind of emergency certificate change about a few weeks ago, that apparently caused some temporary login problems. Unfortunately I don&apos;t know the details, as I was on vacation at the time (and those who were there are on vacation now).&lt;br/&gt;
The most recent change to FOLIO that I can think of is the upgrade to Fameflower back in May. I suspect if that had been the cause of this we would have noticed it earlier, since everyone typically has to log in again after an upgrade.&lt;/p&gt;&lt;/blockquote&gt;</comment>
                                                            <comment id="177292" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 14:01:22 +0000"  >&lt;blockquote&gt;&lt;p&gt;emergency certificate change about a few weeks ago, that apparently caused some temporary login problems&lt;/p&gt;&lt;/blockquote&gt;
&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5afc1ced2083b15a0bd3e494&quot; class=&quot;user-hover&quot; rel=&quot;5afc1ced2083b15a0bd3e494&quot; data-account-id=&quot;5afc1ced2083b15a0bd3e494&quot; accountid=&quot;5afc1ced2083b15a0bd3e494&quot; rel=&quot;noreferrer&quot;&gt;Lisa Sj&#246;gren&lt;/a&gt; where can I get more detail on this?&lt;/p&gt;</comment>
                                                            <comment id="177293" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 14:14:27 +0000"  >&lt;p&gt;Hearing that, my gut reaction is that FOLIO is unable to verify the message signature, or decrypt the saml assertion.  What&apos;s confusing to me is that if there was a change that required us to update the keystore in FOLIO, why does it work when you refresh the page after getting this error...  I&apos;m beginning to wonder if there&apos;s more than just one issue here. &lt;/p&gt;</comment>
                                                            <comment id="177294" author="5afc1ced2083b15a0bd3e494" created="Tue, 4 Aug 2020 14:20:04 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; This is all the information I have right now, from &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=557058%3Ab01b75c5-6869-48ce-aab7-08e710b4ae49&quot; class=&quot;user-hover&quot; rel=&quot;557058:b01b75c5-6869-48ce-aab7-08e710b4ae49&quot; data-account-id=&quot;557058:b01b75c5-6869-48ce-aab7-08e710b4ae49&quot; accountid=&quot;557058:b01b75c5-6869-48ce-aab7-08e710b4ae49&quot; rel=&quot;noreferrer&quot;&gt;Lari Kovanen&lt;/a&gt; who is currently on vacation (my translation): &quot;FOLIO needs to refetch the metadata from Chalmers SSO since it has changed its certificate. I tried to trigger this by editing the SSO config, which did not solve the problem so we&apos;ll need to contact support about this.&quot;&lt;/p&gt;

&lt;p&gt;Another colleague who is now also on vacation told me that the above problem had been resolved, but I don&apos;t know how or which support (if any) was contacted about it.&lt;/p&gt;</comment>
                                                            <comment id="177295" author="5afc1ced2083b15a0bd3e494" created="Tue, 4 Aug 2020 14:28:23 +0000"  >&lt;p&gt;Interesting! It&apos;s like a Kinder egg of issues.&lt;br/&gt;
I&apos;ll see if I can dig out some more info about the signature change.&lt;/p&gt;</comment>
                                                            <comment id="177296" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 15:28:05 +0000"  >&lt;p&gt;Right, I&apos;m thinking that we need to regenerate the SP metadata on the FOLIO side and then update the IdP with this new metadata.  I can only do the first part.  I&apos;ll need help from someone at Chalmers for the 2nd part&lt;/p&gt;</comment>
                                                            <comment id="177297" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 15:30:35 +0000"  >&lt;p&gt;Let me try restarting the module... that might be enough, though I kinda doubt it.&lt;/p&gt;</comment>
                                                            <comment id="177298" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 15:45:33 +0000"  >&lt;p&gt;OK that actually seems to have worked.  I can no longer reproduce this problem.&lt;/p&gt;

&lt;p&gt;I&apos;m still a little concerned that a refresh after the error succeeded. &lt;/p&gt;</comment>
                                                            <comment id="177299" author="5d6eeadef989e00d8c7e897b" created="Tue, 4 Aug 2020 16:09:46 +0000"  >&lt;p&gt;Restart cleared the issue. &lt;/p&gt;</comment>
                                                            <comment id="177300" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 17:02:33 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5afc1ced2083b15a0bd3e494&quot; class=&quot;user-hover&quot; rel=&quot;5afc1ced2083b15a0bd3e494&quot; data-account-id=&quot;5afc1ced2083b15a0bd3e494&quot; accountid=&quot;5afc1ced2083b15a0bd3e494&quot; rel=&quot;noreferrer&quot;&gt;Lisa Sj&#246;gren&lt;/a&gt; assigning to you and moving to review status... Please verify this has been resolved.  If so we can close it. &lt;/p&gt;</comment>
                                                            <comment id="177301" author="5cf6c546b87c300f36eb7b9a" created="Tue, 4 Aug 2020 17:03:24 +0000"  >&lt;p&gt;oh, never mind, I see it&apos;s already closed &lt;img class=&quot;emoticon&quot; src=&quot;/images/icons/emoticons/smile.png&quot; height=&quot;16&quot; width=&quot;16&quot; align=&quot;absmiddle&quot; alt=&quot;&quot; border=&quot;0&quot;/&gt;&lt;/p&gt;</comment>
                                                            <comment id="177302" author="5afc1ced2083b15a0bd3e494" created="Wed, 5 Aug 2020 08:29:26 +0000"  >&lt;p&gt;Ok, great! &lt;/p&gt;

&lt;p&gt;I actually had trouble reproducing it already yesterday (before you restarted the module), figured maybe there was some incognito mode-surpassing browser-level caching going on that sort of let me bypass the problem. (Had only tried Chrome and Firefox, so was going to test it in Edge today &amp;#8211; unfortunately the login page didn&apos;t load &lt;em&gt;at all&lt;/em&gt; in there....:&apos;D )&lt;/p&gt;

&lt;p&gt;I&apos;ll keep my fingers crossed that the restart did the trick, and ask my colleagues &amp;#8211; a lot of whom will be forced to log in anew after vacation &amp;#8211; to let us know if the issue reappears.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="73255">MODLOGSAML-70</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="73306">MODLOGSAML-71</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="60231" name="Log in - FOLIO - Google Chrome 2020-08-03 11-02-29_Trim.mp4" size="1345544" author="5d6eeadef989e00d8c7e897b" created="Mon, 3 Aug 2020 21:05:21 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                        <customfield id="customfield_10107" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Affected Institution</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10393"><![CDATA[Chalmers]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10014" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue key="$xmlutils.escape($text)">Epic to link all support issues located in Dev projects</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i01il7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 3 Aug 2020 21:52:49 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>