Azure integration


Nick

Apr 22, 2015, 2:16:18 PM
to simple...@googlegroups.com
I'm trying to integrate with an IdP in Azure (AD) and we are using SimpleSAMLphp on the SP.

I think I have everything configured correctly - clients are redirected to Azure for authentication etc. However, the MS team integrating this are getting the following when they are passed back:

[Fiddler] The connection to 'xxxxxxxx' failed
System.Security.SecurityException Failed to negotiate HTTPS connection with server.fiddler.network.https> HTTPS handshake to xxxxxxxx failed System.IO.IOException.Authentication failed because the remote party has closed the transport stream

Any ideas? We're a little bit stumped as our ssl etc is working fine for serving our site etc...

I get the following in the logs:

Apr 21 22:14:08 simplesamlphp WARNING [e21666ab66] Unable to find the SAML 2 binding used for this request.array (
)
Apr 21 22:14:08 simplesamlphp WARNING [e21666ab66] Request method: 'GET'array (
)
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] Backtrace:
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] 0 D:\Inetpub\wwwroot\client-access\xxxxxxxx\saml\module.php:179 (N/A)
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] Caused by: Exception: Unable to find the current binding.
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] Backtrace:
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] 2 D:\Inetpub\saml\vendor\simplesamlphp\saml2\src\SAML2\Binding.php:97 (SAML2_Binding::getCurrentBinding)
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] 1 D:\Inetpub\saml\modules\saml\www\sp\saml2-acs.php:11 (require)
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] 0 D:\Inetpub\wwwroot\client-access\xxxxxxxx\saml\module.php:134 (N/A)
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] Error report with id 234a91db generated.
Apr 21 22:14:08 simplesamlphp DEBUG [e21666ab66] Template: Reading [D:\Inetpub\saml/dictionaries/errors]
Apr 21 22:15:10 simplesamlphp DEBUG [e21666ab66] Session: 'xxxxxxxx' not valid because we are not authenticated.
Apr 21 22:15:10 simplesamlphp DEBUG [e21666ab66] Saved state: '_f317ae3740ab0614e412bbc176e8cf91446646a4e8'
Apr 21 22:15:10 simplesamlphp DEBUG [e21666ab66] Sending SAML 2 AuthnRequest to 'https://sts.windows-ppe.net/xxxxxxxx/'
Apr 21 22:15:10 simplesamlphp DEBUG [e21666ab66] Redirect to 726 byte URL: xxxxxxxx array (
)
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Loading state: '_f317ae3740ab0614e412bbc176e8cf91446646a4e8'
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://sts.windows-ppe.net/xxxxxxxx/'.
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Loading state: '_f317ae3740ab0614e412bbc176e8cf91446646a4e8'
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://sts.windows-ppe.net/xxxxxxxx/'.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:16 simplesamlphp DEBUG [e21666ab66] Loading state: '_f317ae3740ab0614e412bbc176e8cf91446646a4e8'
Apr 21 22:15:16 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://sts.windows-ppe.net/xxxxxxxx/'.
Apr 21 22:15:16 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:16 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:16 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Session: 'xxxxxxxx' not valid because we are not authenticated.
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Saved state: '_c3bff8dd6dfae236c46cb8dc1f2b55bd0e63061398'
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Sending SAML 2 AuthnRequest to 'https://sts.windows-ppe.net/xxxxxxxx/'
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Redirect to 734 byte URL: xxxxxxxx array (
)
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Loading state: '_c3bff8dd6dfae236c46cb8dc1f2b55bd0e63061398'
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://sts.windows-ppe.net/xxxxxxxx/'.
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:36 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:36 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:38 simplesamlphp DEBUG [e21666ab66] Loading state: '_c3bff8dd6dfae236c46cb8dc1f2b55bd0e63061398'
Apr 21 22:15:38 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://sts.windows-ppe.net/xxxxxxxx/'.
Apr 21 22:15:38 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
Apr 21 22:15:38 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:38 simplesamlphp DEBUG [e21666ab66] Has 1 candidate keys for validation.
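
A way to summarise a log like the one posted above, as an added example that is not part of the original thread or of SimpleSAMLphp: it groups the assertion consumer service activity by saved-state ID and counts received Responses and key validation failures per state. The sample lines are constructed in the posted format; the state IDs and IdP URL in them are made up.

```python
import re
from collections import OrderedDict

# Constructed sample in the format of the posted log (state IDs and URL are made up).
SAMPLE_LOG = """\
Apr 21 22:14:08 simplesamlphp WARNING [e21666ab66] Unable to find the SAML 2 binding used for this request.
Apr 21 22:14:08 simplesamlphp ERROR [e21666ab66] Caused by: Exception: Unable to find the current binding.
Apr 21 22:15:10 simplesamlphp DEBUG [e21666ab66] Saved state: '_aaa111'
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Loading state: '_aaa111'
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://idp.example/'.
Apr 21 22:15:11 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Loading state: '_aaa111'
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://idp.example/'.
Apr 21 22:15:13 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Saved state: '_bbb222'
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Loading state: '_bbb222'
Apr 21 22:15:35 simplesamlphp DEBUG [e21666ab66] Received SAML2 Response from 'https://idp.example/'.
Apr 21 22:15:36 simplesamlphp DEBUG [e21666ab66] Validation with key #0 failed without exception.
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) simplesamlphp (\w+) \[(\w+)\] (.*)$")
STATE = re.compile(r"^(?:Saved|Loading) state: '([^']+)'")

def triage(log_text):
    """Return (per-state counters, timestamps of 'current binding' errors)."""
    states, binding_errors, current = OrderedDict(), [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as the stray ")" in the post
        stamp, _level, track, msg = m.groups()
        s = STATE.match(msg)
        if s:  # remember which state this tracking ID is working on
            current[track] = s.group(1)
            states.setdefault(s.group(1), {"responses": 0, "key_failures": 0})
        elif "Unable to find the current binding" in msg:
            binding_errors.append(stamp)
        elif track in current and msg.startswith("Received SAML2 Response"):
            states[current[track]]["responses"] += 1
        elif track in current and re.match(r"Validation with key #\d+ failed", msg):
            states[current[track]]["key_failures"] += 1
    return states, binding_errors

def repeated_failures(states):
    """State IDs that saw more than one Response, each with a key validation failure."""
    return [sid for sid, c in states.items()
            if c["responses"] > 1 and c["key_failures"] >= c["responses"]]
```
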

Peter Schober

Apr 22, 2015, 5:15:19 PM
to simple...@googlegroups.com
* Nick <hone...@gmail.com> [2015-04-22 20:16]:
> [Fiddler] The connection to 'xxxxxxxx' failed
> System.Security.SecurityException Failed to negotiate HTTPS connection with
> server.fiddler.network.https> HTTPS handshake to xxxxxxxx failed
> System.IO.IOException.Authentication failed because the remote party has
> closed the transport stream

I don't see the relation to SimpleSAMLphp, which ordinarily only uses
front channel bindings, i.e. the only place where HTTPS comes into
play is between the webserver (not even SimpleSAMLphp) and the
webbrowser, which has nothing to do with SAML.
-peter

Nick

Apr 23, 2015, 2:17:41 AM
to simple...@googlegroups.com, peter....@univie.ac.at
Thanks Peter, that is what I thought but wanted to rule it out as all our other services are fine over HTTPS - I don't have access to the IdP so this is extremely frustrating to debug.

I'm scheduling a screen share with the MS guys today so hopefully can move this forward.

Andreas Bontozoglou

Apr 18, 2016, 6:36:55 AM
to SimpleSAMLphp, peter....@univie.ac.at

Hi Nick, I have the same problem occurring randomly... did you ever solve it?

Cheers,

Andreas

Nick

Apr 18, 2016, 7:28:54 AM
to SimpleSAMLphp, peter....@univie.ac.at
Hi Andreas

In the end we traced this back to using PHP 5.4 (VC9/OpenSSL 0.9.8) with Apache 2.4 (VC11/OpenSSL 1.0.1) - upgrading PHP to 5.5 (VC11) solved the issue for us.

Hope this helps.

Nick

Andreas Bontozoglou

Apr 20, 2016, 6:00:17 PM
to SimpleSAMLphp, peter....@univie.ac.at

Hi Nick

Thanks for your answer, upgrading PHP will indeed solve the issue!

For anyone that wants the details, you can visit my SO question or the GitHub conversation.

Cheers,

Andreas