https://cal.com logo
#general
Title
# general
m

Mark Z.

05/10/2022, 6:11 PM
We're a self hosted, Enterprise user of Cal.com. I'm trying to set up SAML using the instructions, but get errors connecting to the SAML-specific DB. Is there a command (much like yarn workspace @calcom/prisma db-deploy) that is used to precreate the database structure for SAML? Just creating the empty DB didn't seem to work
d

Deepak Prabhakara

05/10/2022, 6:35 PM
The schema is extremely simple and is automatically generated at runtime, only an empty database needs to be created. What is the exact error you are seeing? Happy to point you to the migration scripts as plan B
m

Mark Z.

05/10/2022, 7:18 PM
When I log in as admin and go to the Security page, the load icon spins and I see this in the console: @calcom/webstart error connecting to postgres db: error: no pg_hba.conf entry for host "<<IP>>", user "<<USERNAME>>", database "cal-saml", SSL off
d

Deepak Prabhakara

05/10/2022, 7:26 PM
Look like it’s unable to connect to the database, how are you provisioning the postgres db?
m

Mark Z.

05/10/2022, 7:27 PM
Just pulled up PGAdmin with that username, right clicked and created the db. Nothing else fancy
d

Deepak Prabhakara

05/10/2022, 7:37 PM
It looks like you’ll have to try adding the IP and username to pg_hba.conf
m

Mark Z.

05/10/2022, 8:03 PM
That's what's baffling to me - I don't have a pg_hba.conf file that I've modified. I only added the entry to the .env file with SAML_DATABASE_URL
d

Deepak Prabhakara

05/10/2022, 8:08 PM
Very weird indeed, is the username different from the one used for the cal db?
m

Mark Z.

05/10/2022, 8:09 PM
No, same one. Even though I'm not hosting with Heroku, I found a Heroku KB that mentions that error can come up if your DB doesn't allow SSL to be off. Testing a change now...
d

Deepak Prabhakara

05/10/2022, 8:11 PM
Aah, good pointer to check. If that fails it's worth seeing what's currently in the pg_hba.conf file
m

Mark Z.

05/10/2022, 8:12 PM
Yup, that was it! The Postgresql database I have is hosted on Azure, and it's requiring SSL to connect (not a bad thing). Adding ?sslmode=require to the connection string in .env forced it to connect with SSL, solving the problem. Thanks for hopping on @Deepak Prabhakara to try and help!
🙌 1
the pg_hba.conf is a bit of a red herring. More info (requires login to Heroku): https://help.heroku.com/DR0TTWWD/seeing-fatal-no-pg_hba-conf-entry-errors-in-postgres
d

Deepak Prabhakara

05/10/2022, 8:13 PM
Nice one @Mark Z. , will get this added to the doc 🙏
If you hit any issues with self signed certs then https://boxyhq.com/docs/jackson/deploy/env-variables#pgsslmode might help. If you face any other issues around setting up SAML please let me know
🙏 1