Hi,
I'm pretty new to SSP and SAML in general but I had working test environment set up with 1.14.0.
I have an SP which is which is running on Debian 7, php 5.4.45 and I'm using an ADFS based IDP. I'm using Apache (2.2), memcached (1.4.13) and mod-auth-memcookie (1.0.2-5). As I said this worked fine with 1.14.0, but after upgrading to SSP 1.14.7 I seem to have a number of problems.
I followed the upgrade instructions as described on the SSP site and copied over the config and metadata (and cert) directories from the 14.0 installation.
I have Apache set up require a valid user for specific directories:
<Location />
Auth_memCookie_Memcached_AddrPort "
127.0.0.1:11211"
Auth_memCookie_Authoritative on
Auth_memCookie_SessionTableSize "40"
AuthType Cookie
AuthName "My Login"
ErrorDocument 401 "/simplesaml/authmemcookie.php"
</Location>
<Location /myDir>
Require valid-user
</Location>
If I try to access myDir/script.php I get redirected to the IDP as expected but after successfully authenticating I get redirected to a mangled url which is a combination of the ErrorDocument specified in the Apache config and myDir/script.php, something like simplesaml/authmemcookie.phppt.php. I've tried changing the url to the correct one to see what happens, but when I go to simplesaml/authmemcookie.php the page repeatedly redirects to itself and creates lots of new sessions (20+) until it errors with ERR_TOO_MANY_REDIRECTS (in Chrome). This could be a red herring and may be something that I have configured incorrectly, but I’m not sure why I’m having these issues with the latest version. Here’s a section of my SSP log if that helps anyone.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Loading state: ‘_b1mfo5b1c4a6395c0329347da1730766426b0444v9’
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Received SAML2 Response from ‘idp’.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Has 1 candidate keys for validation.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Validation with key #0 failed without exception.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Decryption with key #0 succeeded.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Has 1 candidate keys for validation.
Aug 21 13:06:20 simplesamlphp DEBUG [85fc75476x] Validation with key #0 succeeded.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp'.
Aug 21 14:13:42 simplesamlphp DEBUG [vvf84b17tu] Session: Valid session found with 'default-sp
…
I have also tried setting up a fresh install of 1.14.7 with the same result, can anyone help please?
Thanks
MJ