SimpleSAMLphp / Nginx / metadata


mcdo...@gmail.com

Jan 31, 2014, 10:30:02 AM
to simple...@googlegroups.com
Hello,
I'm unable to export my SP metadata because:

SimpleSAML_Error_NotFound: NOTFOUNDREASON('%URL%' => 'https://mydomainname.com/saml/module.php/saml/sp/metadata.php/default-sp', '%REASON%' => 'The URL must at least contain a module name followed by a slash.')

Backtrace:
0 /var/www/html//simplesamlphp/www/module.php:59 (N/A)
Here is my Nginx config (I succeeded in configuring SimpleSAMLphp and Nginx, not without a problem... I need to correct cgi.fix_pathinfo=1 in my php.ini):

server {
    listen 443;
    server_name mydomainname.com;
    root /var/www/html/;
    index index.html index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    ssl on;
    ssl_certificate ssl/cert.crt;
    ssl_certificate_key ssl/cert.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    access_log /var/log/nginx/log_https_access.log;
    error_log /var/log/nginx/log_https_error.log;

    location ~ ^/saml(.+\.php.*)$ {
        alias /var/www/html/simplesamlphp/www/$1;
        # fastcgi_split_path_info ^(.+\/module\.php)(/.+)$;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        # fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location ~ ^/saml(.*) {
        alias /var/www/html/simplesamlphp/www/$1;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        # fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
        add_header Cache-control no-cache;
    }
    location ~ \.html$ {
        add_header Cache-control no-cache;
    }
}

Do you have any idea?

Regards,

David


Peter Schober

Jan 31, 2014, 11:04:14 AM
to simple...@googlegroups.com
* mcdo...@gmail.com <mcdo...@gmail.com> [2014-01-31 16:39]:
> SimpleSAML_Error_NotFound: NOTFOUNDREASON('%URL%' =>
> 'https://mydomainname.com/saml/module.php/saml/sp/metadata.php/default-sp',
> '%REASON%' => 'The URL must at least contain a module name followed by a
> slash.')
>
> Backtrace:
> 0 /var/www/html//simplesamlphp/www/module.php:59 (N/A)
>
> Here is my Nginx config (I succeeded to configure SimpleSAMLphp and
> Nginx not without a problem... (I need to correct cgi.fix_pathinfo=1
> in my php.ini-)

Those two statements seem to contradict each other: The path to SSP's
metadata generator looks correct, so if SSP thinks the module name is
missing ("saml" in this case) from the path, something is off.
That might not help with getting Nginx setup correct for SSP, but
check the archives, there have been several submissions of what people
had to do to get it working.
-peter

mcdo...@gmail.com

Feb 1, 2014, 2:04:35 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Thanks for your reply.
My SimpleSamlPhp configuration works perfectly with Apache.
So I think this is a problem of Nginx configuration.
I can access the admin, but am unable to generate my SP metadata.
metadata.php not found...

Regards

mcdo...@gmail.com

Feb 3, 2014, 5:19:00 AM
to simple...@googlegroups.com, peter....@univie.ac.at
I fixed my problem (nginx configuration).

Regards,

Peter Schober

Feb 3, 2014, 6:06:08 AM
to simple...@googlegroups.com
* mcdo...@gmail.com <mcdo...@gmail.com> [2014-02-03 11:19]:
> I fixed my problem (nginx configuration).

Since you addressed the question to this group you could at least
share your findings here as well, for the next time someone comes
along with an Nginx question/problem. Esp. where it deviates from the
previously given instructions (cf. the list archive).
-peter

mcdo...@gmail.com

Feb 3, 2014, 7:56:50 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Here is...

server {
    listen 443;
    server_name www.domainname.fr;
    root /var/www/html/;
    index index.html index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    ssl on;
    ssl_certificate ssl/cert-domainname.fr.crt;
    ssl_certificate_key ssl/cert-domainname.fr.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    access_log /var/log/nginx/www_https_access.log;
    error_log /var/log/nginx/www_https_error.log;

    location ^~ /saml {
        alias /var/www/html/simplesamlphp/www;
        location ~ ^(?<prefix>/saml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
            include fastcgi_params;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
            fastcgi_param PATH_INFO       $pathinfo if_not_empty;
        }
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
        add_header Cache-control no-cache;
    }
    location ~ \.html$ {
        add_header Cache-control no-cache;
    }
}


AND 
cgi.pathinfo = 1 in php.ini

My Authsources.php:

'myclient' => array(
    'saml:SP',
    'idp' => 'myclient_idp_url',
    'NameIDPolicy' => NULL,
    'entityID' => NULL,
    'certificate' => 'cert-domainname.fr.crt',
    'privatekey' => 'cert-domainname.fr.key',
)

And it works like a charm...

Regards,
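
How the two regular expressions in this thread split the metadata URL, as an added example that is not part of the original post and is not SimpleSAMLphp or nginx code: it runs the lazy `.+?\.php` pattern from the working config and the greedy `fastcgi_split_path_info` pattern from the first config over the URL path from the error message. `moduleNameFrom` is a hypothetical stand-in for a consumer that expects PATH_INFO to begin with a module name followed by a slash; the regexes are the thread's own, with `/` escaped for JavaScript.

```javascript
// Constructed sample: the URL path from the error message in this thread.
const METADATA_URI = "/saml/module.php/saml/sp/metadata.php/default-sp";
// The alias value from the working config; nginx exposes it as $document_root there.
const DOCUMENT_ROOT = "/var/www/html/simplesamlphp/www";

// Pattern of the nested location in the working config (lazy .+? before \.php).
const NESTED = /^(?<prefix>\/saml)(?<phpfile>.+?\.php)(?<pathinfo>\/.*)?$/;
// Pattern of fastcgi_split_path_info in the first config (greedy .+ before \.php).
const GREEDY = /^(.+\.php)(\/.+)$/;

// Mirrors: SCRIPT_FILENAME $document_root$phpfile; PATH_INFO $pathinfo if_not_empty.
function splitNested(uri) {
  const m = NESTED.exec(uri);
  if (!m) return null; // location does not apply to this URI
  const { phpfile, pathinfo } = m.groups;
  return { scriptFilename: DOCUMENT_ROOT + phpfile, pathInfo: pathinfo || null };
}

// Mirrors the two captures of fastcgi_split_path_info:
// $fastcgi_script_name and $fastcgi_path_info.
function splitGreedy(uri) {
  const m = GREEDY.exec(uri);
  if (!m) return { scriptName: uri, pathInfo: null }; // no match: URI stays unsplit
  return { scriptName: m[1], pathInfo: m[2] };
}

// Hypothetical consumer check: PATH_INFO must look like "/<module>/<rest>".
function moduleNameFrom(pathInfo) {
  if (!pathInfo) return null;
  const end = pathInfo.indexOf("/", 1);
  return end === -1 ? null : pathInfo.slice(1, end);
}

// Run both splits over the same URI and report what each side would hand to PHP.
function demo() {
  const good = splitNested(METADATA_URI);
  const bad = splitGreedy(METADATA_URI);
  return {
    good,
    bad,
    goodModule: moduleNameFrom(good.pathInfo),
    badModule: moduleNameFrom(bad.pathInfo),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```
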

Peter Schober

Feb 3, 2014, 8:32:43 AM
to simple...@googlegroups.com
* mcdo...@gmail.com <mcdo...@gmail.com> [2014-02-03 13:56]:
> Here is...

Thanks!
-peter

Teekin Red

Jul 3, 2014, 1:36:10 PM
to simple...@googlegroups.com, peter....@univie.ac.at
Wow, thank you so much! I've been battling this problem for hours now. This is the first thing that got me anywhere!

Fred9176

Apr 2, 2015, 2:59:45 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Thank you so much. After many tries, this solution is working fine.

Fred

brandcl...@gmail.com

Feb 9, 2017, 12:18:18 AM
to SimpleSAMLphp, peter....@univie.ac.at
I pretty much used

       location /simplesaml {
                alias /var/simplesamlphp/www;
                location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
                        include snippets/fastcgi-php.conf;
                        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;

                        fastcgi_split_path_info ^(.+?\.php)(/.+)$;
                        fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
                        fastcgi_param PATH_INFO $pathinfo if_not_empty;
                }

        }

Which worked with the metadata export.  (for 16.04 and php7)

Chris

Daniel Carnelossi

Sep 18, 2017, 2:59:41 PM
to SimpleSAMLphp
Thanks Chris,

Works perfect with 16.04 and php 7