Moisty Charlie VI
Moisty Charlie VI•2d ago

SAML Auth Issue with Slack

nidoes anyone know how to connect zitadel to slack? like use zitadel as the idp for slack to enable sso
8 Replies
Ask Inkeep
Ask Inkeep•2d ago
Hi @Moisty Charlie VI, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question. Answer I wasn't able to find a direct answer, here are some relevant sources: 1. Authenticate users with SAML : This provides comprehensive information about SAML authentication with ZITADEL, including common terms, workflow, and implementation best practices. 2. SAML Endpoints in ZITADEL : Details the specific SAML endpoints available in ZITADEL for integration. Feel free to tag @Ask Inkeep with additional questions.
Moisty Charlie VI
Moisty Charlie VIOP•2d ago
i followed this guide https://www.youtube.com/watch?v=brbQuq4nmaA&ab_channel=AuthnIdentity
AuthnIdentity
YouTube
How to Integrate Slack SSO with AuthnIdentity IdP (Step-by-Step Guide)
🚀 Learn how to integrate Slack with AuthnIdentity as your SAML Identity Provider (IdP) In this step-by-step video, you’ll see exactly how to: ✅ Set up a Slack SAML application in AuthnIdentity
✅ Configure SAML settings, including ACS URL, Entity ID, and certificates
✅ Connect Slack with your IdP
✅ Test and verify the SSO ...
Ask Inkeep
Ask Inkeep•2d ago
Got it. Tagging @Rajat for additional help.
Moisty Charlie VI
Moisty Charlie VIOP•2d ago
but i see this when i try to log in
Moisty Charlie VI
Moisty Charlie VIOP•2d ago
Moisty Charlie VI
Moisty Charlie VIOP•2d ago
heres my xml document 
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://slack.com">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
        
        <!-- Specify the supported NameID format -->
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
        
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://[YOUR-WORKSPACE].slack.com/sso/saml" index="0"/>
        
        <!-- Attribute Consuming Service to specify required and optional attributes -->
        <md:AttributeConsumingService index="0" isDefault="true">
            <md:ServiceName xml:lang="en">Slack SSO Service</md:ServiceName>
            
            <!-- Required Email Attribute -->
            <md:RequestedAttribute Name="User.Email" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="true" />
            
            <!-- Optional Username Attribute -->
            <md:RequestedAttribute Name="User.Username" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
            <!-- Optional First Name Attribute -->
            <md:RequestedAttribute Name="first_name" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
            
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://slack.com">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">
        
        <!-- Specify the supported NameID format -->
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
        
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://[YOUR-WORKSPACE].slack.com/sso/saml" index="0"/>
        
        <!-- Attribute Consuming Service to specify required and optional attributes -->
        <md:AttributeConsumingService index="0" isDefault="true">
            <md:ServiceName xml:lang="en">Slack SSO Service</md:ServiceName>
            
            <!-- Required Email Attribute -->
            <md:RequestedAttribute Name="User.Email" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="true" />
            
            <!-- Optional Username Attribute -->
            <md:RequestedAttribute Name="User.Username" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
            <!-- Optional First Name Attribute -->
            <md:RequestedAttribute Name="first_name" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
            
            <!-- Optional Last Name Attribute -->
            <md:RequestedAttribute Name="last_name" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
        </md:AttributeConsumingService>
        
    </md:SPSSODescriptor>
</md:EntityDescriptor>
            <!-- Optional Last Name Attribute -->
            <md:RequestedAttribute Name="last_name" 
                                 NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified" 
                                 isRequired="false" />
            
        </md:AttributeConsumingService>
        
    </md:SPSSODescriptor>
</md:EntityDescriptor>
Moisty Charlie VI
Moisty Charlie VIOP•2d ago
No description
Moisty Charlie VI
Moisty Charlie VIOP•10h ago
@Rajat any idea what would be happening wit the authorization issues?

Did you find this page helpful?