New Canvas dependency: libxmlsec

691 views
Skip to first unread message

Zach Wily

unread,
Aug 7, 2012, 3:35:34 PM8/7/12
to canvas-l...@googlegroups.com
Hello everyone,

I just wanted to give you a heads up that Canvas has taken on a new, non-gem dependency that you'll need to satisfy to continue using Canvas. The dependency is libxmlsec, and can be installed the following ways:

If you're using OS X and brew:

$ brew install xmlsec1

If you're using Ubuntu:

$ sudo apt-get install libxmlsec1-dev

If you're using some other flavor of Linux, find the libxmlsec package for your package manager and install it.

The "Getting Started" guides on the wiki have already been updated with this information.

Why did we do this?

As you probably know, Canvas supports several methods of delegated authentication, one of which is SAML. SAML consists of exchanging assertions that identify a user, and those assertions are protected with cryptographic signatures. Before this change, we were verifying the signature manually, and only supported a subset of valid SAML signatures. This change switches Canvas to using the much-better-support xmlsec library for signature verification.

This is required even if you don't use SAML, because the SAML library is loaded even for basic authentication calls (like loading the auth configuration page.)

Thanks,
Zach

Christopher Bennell

unread,
Aug 9, 2012, 1:02:25 PM8/9/12
to canvas-l...@googlegroups.com
Thanks for the heads up Zach. 

bfcoder

unread,
Nov 9, 2012, 2:20:38 PM11/9/12
to canvas-l...@googlegroups.com
Howdy, this is not listed on the wiki in the production start and it is listed incorrectly on the quick start. Could someone please update the wiki? I spent way too long trying to get this to work because it was not listed correctly.

The quick start states this: brew install libxmlsec1
When it should state what you have: brew install xmlsec1

Thanks!
-James

Neptronix

unread,
Nov 9, 2012, 9:59:20 PM11/9/12
to canvas-l...@googlegroups.com
There are dozens of things that are broken in the production start and quick start.
Even worse, is if you install a different ubuntu version! 

I've installed canvas multiple times but are often in too much of a rage blackout to document it.

I think someone over there needs to go through all the steps, find all the broken ones 

PETIT Yannick

unread,
Apr 26, 2013, 1:34:54 PM4/26/13
to canvas-l...@googlegroups.com
Hello,

When trying to host Canvas on Heroku, it breaks because of the xmlsec1 dependancy. Has anyone found a fix for this issue ?

Thanks !

Yannick

mega...@gmail.com

unread,
Jun 20, 2013, 10:19:51 AM6/20/13
to canvas-l...@googlegroups.com
There are xmlsec gems available, for example nokogiri-xmlsec. Isn't it possible to work this way? I for one cannot use heroku now.

Op dinsdag 7 augustus 2012 21:35:34 UTC+2 schreef Zach Wily het volgende:

Zach Wily

unread,
Jun 20, 2013, 10:55:56 AM6/20/13
to canvas-l...@googlegroups.com
nokogiri-xmlsec also uses libxmlsec under the covers. If you can use that gem, you should also be able to use Canvas.

--
Zach Wily | VP Engineering

--
 
---
You received this message because you are subscribed to the Google Groups "Canvas LMS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to canvas-lms-use...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

mega...@gmail.com

unread,
Jun 20, 2013, 1:21:53 PM6/20/13
to canvas-l...@googlegroups.com
Tried to bundle and indeed it does not work without libxmlsec.
Aren't there any alternatives so that Canvas can run on more platforms?

Thanks for the quick reply!

Op donderdag 20 juni 2013 16:55:56 UTC+2 schreef Zach Wily het volgende:

Cody Cutrer

unread,
Jun 20, 2013, 2:20:45 PM6/20/13
to canvas-l...@googlegroups.com
We could probably not fail if xmlsec can't be loaded, and instead just disable SAML.

Cody Cutrer
Software Engineer
Instructure
Reply all
Reply to author
Forward
0 new messages