State information lost error when using sql store.type
Matthew Terentjev
I have configured SSO using SimpleSAMLphp and ADFS. It works
perfectly well when store.type is phpsession, however as soon as I
switch to sql, I start to get State information lost error.
Backtrace:
2 /var/www/simplesamlphp/lib/SimpleSAML/Auth/State.php:263 (SimpleSAML_Auth_State::loadState)
1 /var/www/simplesamlphp/modules/saml/www/sp/saml2-acs.php:78 (require)
0 /var/www/simplesamlphp/www/module.php:137 (N/A)
Php can create and write SQL file just fine.
When expecting simplesaml log file, I get the following errors:
Jul 18 11:51:30 simplesamlphp WARNING [cbe4bc385b] Invalid AuthToken cookie.
or
Jul 13 15:57:16 simplesamlphp WARNING [7ef540ac02] Missing AuthToken cookie.
What this might be? and why it works just fine when session store.type is phpsession and it doesn't work when store type is sql?
I have tried to 'session.cookie.domain' => '.example.org', setting to make sure it is my domain 'session.cookie.secure' => true or false doesn't make any difference either.
I am wondering if anyone had anything similar happening?
Jaime Perez Crespo
The state information lost errors are almost always caused by bad session configuration. Given that it either works or fails for you depending on the backend you are using, it really points out in that direction. Double check your configuration, and remember that the PHP session handler in SimpleSAMLphp has different configuration options than the rest of the handlers (SQL & memcache).
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
Matthew Terentjev
I will keep trying. Strange thing is, as soon as I switch to sql, I even have difficulty logging in as admin to the panel. It works for the first time. But as soon as I log out and try again, it doesn't login. Just refreshing username and password page, though the log has the following:
Jul 22 14:11:50 simplesamlphp NOTICE STAT [cb3730087e] User 'admin' has been successfully authenticated.
Jul 22 14:11:50 simplesamlphp WARNING [44c81582ad] Missing AuthToken cookie.
Jul 22 14:11:52 simplesamlphp NOTICE STAT [7b85a3e2db] User 'admin' has been successfully authenticated.
Jul 22 14:11:51 simplesamlphp WARNING [3f73ecf961] Missing AuthToken cookie.
I will keep trying ;)
Jaime Perez Crespo
Look at the “track ID” in every log line (the string between [ ]). It’s changing for every line. That means SimpleSAMLphp is unable to either receive the session cookie or to retrieve it from the backend. In any case, both are configuration issues.
I’d suggest you to switch on debugging and increase the log level also to debug, and use something like SAML tracer to verify that you are getting the session cookie correctly and sending it back for the next request.
On 22 Jul 2016, at 16:55 PM, Matthew Terentjev <matthew....@gmail.com> wrote:
> Thank you, Jaime.
>
> I will keep trying. Strange thing is, as soon as I switch to sql, I even have difficulty logging in as admin to the panel. It works for the first time. But as soon as I log out and try again, it doesn't login. Just refreshing username and password page, though the log has the following:
>
> Jul 22 14:11:50 simplesamlphp NOTICE STAT [cb3730087e] User 'admin' has been successfully authenticated.
> Jul 22 14:11:50 simplesamlphp WARNING [44c81582ad] Missing AuthToken cookie.
>
> Jul 22 14:11:52 simplesamlphp NOTICE STAT [7b85a3e2db] User 'admin' has been successfully authenticated.
> Jul 22 14:11:51 simplesamlphp WARNING [3f73ecf961] Missing AuthToken cookie.
>
> I will keep trying ;)