Jump to content

Cannot download the Hornbill Meta data for user, admin or service....


John C
 Share

Recommended Posts

@TrevorHarris yes I know were the instructions are however I am finding them quite confusing...

 

When I initially configured SSO for Hornbill, (over two years ago) it was a totally different setup, not like now re downloading the files from Hornbill it was actually the other way round, import to Hornbill from Azure....

When does this change have to be made for?

Perhaps @Victor or @Bob Dickinson can advise?

Thanks

Link to comment
Share on other sites

The change mentioned by the HB notification is a change of Hornbill endpoints. Because we cannot automate an update here, given that this is configured on the identity provider, it requires a manual action. The SSO integration is done in both places, Hornbill and identity provider. Both requires metadata and usually that comes in form of an XML file (for SAML 2.0 anyway). So downloading the metadata file(s) was always there in Hornbill as this is how the SSO was designed to be configured, it is not something new that we introduced recently. In summary there are two sets of metadata that requires to be configured:

  • the Hornbill SSO metadata obtainable via the options available when setting up the profile in admin tool - this metadata will then be configured on the identity provider
  • the Identity Provider metadata which will then be configured in Hornbill

We can't really advise on any actions that need to be preformed on the identity provider as we don't have expertise with specific providers.

Link to comment
Share on other sites

@Victor thank you for your prompt reply as always...

Seeing that this change was implemented by Hornbill without prior warning I am just asking if indeed after downloading the XML's they are then uploaded to the existing SAML connections we have in Azure for Hornbill (Service), Hornbill (Live) and Hornbill (Admin), see screenshots below.

Also, when does this change have to be implemented for before it stops working?

 

image.png.e49867394ab6934d4a9471a20ef996ce.png

 

image.png.0265b2f250910f40e00fd03fb1ced9c4.png

 

Thanks

Link to comment
Share on other sites

We are also having issues with this since the banner appeared yesterday saying it would not cause any issues it has been endless issues with SSO.
We have moved over to Azure today from ADFS in the hope that we can do two birds with one stone, I was advised that our SSO issues were nothing to do with Hornbill but my engineers do not agree and have advised there has been a change in metadata (which we also had a issue with downloading) is what has caused the problems.

I cannot get access to my tickets on the support portal this morning as nothing is showing and there are clearly issues with it, I have emailed hornbill support and my account manager with no response as we need to get this resolved.

A bit fed up over here.

Link to comment
Share on other sites

2 minutes ago, John C said:

if indeed after downloading the XML's they are then uploaded to the existing SAML connections we have in Azure for Hornbill (Service), Hornbill (Live) and Hornbill (Admin), see screenshots below

I would say most likely yes, based on what I see in the screenshot, but again I really don't know how metadata is configured in Azure...

11 minutes ago, John C said:

when does this change have to be implemented for before it stops working?

There is no deadline to this at the time.

Link to comment
Share on other sites

@yelyah.nodrog yes I am very surprised more people are not reporting this issue or having similar issues.

At least I still have  access to what we need and has put me off updating.

@Victor judging by Yelyah actions and issue I think I will hold off on updating for now until we see a more reliable approach...

Thanks

Link to comment
Share on other sites

@yelyah.nodrog

13 minutes ago, yelyah.nodrog said:

We have moved over to Azure today from ADFS in the hope that we can do two birds with one stone, I was advised that our SSO issues were nothing to do with Hornbill but my engineers do not agree and have advised there has been a change in metadata (which we also had a issue with downloading) is what has caused the problems.

Can you confirm if you and the infrastructure team follow the steps detailed here: https://wiki.hornbill.com/index.php?title=Updating_SSO_SAML_Metadata_Configuration_Action_Required? Specifically the "How to update the configuration" section?

There was indeed a change in metadata, this is the very reason why the update is needed... there are 2 specific steps that need to be performed:

1. Re-import the Hornbill SAML metadata to your identity provider. You will need to do this for each service you use SAML for in hornbill (e.g. live, admin, service, and mCatalog). This metadata can be imported alongside your current configuration on your identity provider. The metadata required can be accessed by clicking the appropriate button on the SSO Profile list page in the admin tool (if your identity provider doesn't support importing metadata automatically you can view the Entity Id and Reply URL you will need by clicking on the metadata button) - I presume Azure has the option to import this metadata, based on the above screenshot provided by @John C who also uses Azure - again I am no expert in Azure so this needs to be confirmed internally with your teams.

2. Once the above step is complete then update your SSO profile within Hornbill, you can do this by clicking on the "Update SAML Profile" button against the SSO Profiles that need updating (these are marked with an orange exclamation in the SSO Profile list), and clicking "Yes" on the warning message, after you confirm your SAML profile will be updated and will now use the updated Hornbill metadata to authenticate with your identity provider.

Link to comment
Share on other sites

@Victor This is what I was trying to explain earlier...

 

When I initially configured this SAML for Hornbill I did "not" have to upload the medadata file, it was just a matter of copying the URL from Hornbill Azure config into SAML in Azure....

Link to comment
Share on other sites

Just now, John C said:

When I initially configured this SAML for Hornbill I did "not" have to upload the medadata file, it was just a matter of copying the URL from Hornbill Azure config into SAML in Azure....

If this all in Azure, unless I am missing something, then this looks like something that Microsoft introduced as an option for configuring SSO in Azure...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...