URL not allowed when trying to access simpleSAMLphp interface

2,248 views
Skip to first unread message

Dharma Teja Adusumilli

unread,
Oct 4, 2016, 10:59:55 PM10/4/16
to SimpleSAMLphp

Hi,


When I try to log in as administrator on the simpleSAMLphp interface. I get the following error-


SimpleSAML_Error_Error: UNHANDLEDEXCEPTION


Backtrace:
0 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: URL not allowed: https://dev-horizonblue.devportal.apigee.com:15133/simplesaml/module.php/core/login-admin.php?ReturnTo=https%3A%2F%2Fdev-horizonblue.devportal.apigee.com%3A15133%2Fsimplesaml%2Fmodule.php%2Fcore%2Ffrontpage_config.php
Backtrace:
2 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/lib/SimpleSAML/Utils/HTTP.php:331 (SimpleSAML\Utils\HTTP::checkURLAllowed)
1 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/modules/core/www/as_login.php:21 (require)
0 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:137 (N/A)


Just so you know, I've given this for the baseurlpath in config.php - 'https://'. $host .'/simplesaml/'

Pretty new to simplesaml, so any help is welcome.


Thanks,

Marco Ferrante

unread,
Oct 5, 2016, 2:20:30 AM10/5/16
to simple...@googlegroups.com
Hi,
it seems you forgot the port in the base url:


'https://'. $host .':15133/simplesaml/'

(where $host is assigned?)

Il 05/10/2016 04:59, Dharma Teja Adusumilli ha scritto:
> Hi,
>
>
> When I try to log in as administrator on the simpleSAMLphp interface. I
> get the following error-
>
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>
>
> Backtrace:
> 0
> /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:180
> (N/A)
> Caused by: SimpleSAML_Error_Exception: URL not
> allowed: https://dev-horizonblue.devportal.apigee.com:15133/simplesaml/module.php/core/login-admin.php?ReturnTo=https%3A%2F%2Fdev-horizonblue.devportal.apigee.com%3A15133%2Fsimplesaml%2Fmodule.php%2Fcore%2Ffrontpage_config.php
> Backtrace:
> 2
> /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/lib/SimpleSAML/Utils/HTTP.php:331
> (SimpleSAML\Utils\HTTP::checkURLAllowed)
> 1
> /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/modules/core/www/as_login.php:21
> (require)
> 0
> /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:137
> (N/A)
>
>
> Just so you know, I've given this for the baseurlpathin config.php
> - 'https://'. $host .'/simplesaml/'
>
> Pretty new to simplesaml, so any help is welcome.
>
>
> Thanks,
>
> --
> You received this message because you are subscribed to the Google
> Groups "SimpleSAMLphp" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to simplesamlph...@googlegroups.com
> <mailto:simplesamlph...@googlegroups.com>.
> To post to this group, send email to simple...@googlegroups.com
> <mailto:simple...@googlegroups.com>.
> Visit this group at https://groups.google.com/group/simplesamlphp.
> For more options, visit https://groups.google.com/d/optout.
Message has been deleted

Dharma Teja Adusumilli

unread,
Oct 6, 2016, 1:26:03 AM10/6/16
to SimpleSAMLphp

Hi again,

I will be clear this time.

I am currently working on an apigee dev-portal and was recently asked to implement SAML login with Ping as our IdP. I installed simpleSAMLphp on our apigee (Drupal) site and configured it to work as an SP. But, after all the configuration when I try to log in as admin on the simpleSAMLphp interface ( @ url/simplesaml), an exception was thrown at me -

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: URL not allowed: https://dev-horizonblue.devportal.apigee.com:15133/simplesaml/module.php/core/login-admin.php?ReturnTo=https%3A%2F%2Fdev-horizonblue.devportal.apigee.com%3A15133%2Fsimplesaml%2Fmodule.php%2Fcore%2Ffrontpage_config.php

Backtrace:
2 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/lib/SimpleSAML/Utils/HTTP.php:331 (SimpleSAML\Utils\HTTP::checkURLAllowed)
1 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/modules/core/www/as_login.php:21 (require)
0 /srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:137 (N/A)

Just so you know, I've given this for the

 $host = $_SERVER['HTTP_HOST'];
baseurlpath => 'https://'. $host .'/simplesaml/'

And now with this exception on my simpleSAMLphp interface, when I click on back in the browser it says I am logged in as admin and everything works fine. So, I started to work-around using this technique when on simpleSAMLphp interface. Exported SP metadata to my Ping admin and then imported Ping's federated metadata into /private/simpleSAMLphp-1.14.8/metadata/saml20-idp-remote.php

I see the IdP's metadata on my simpleSAMLphp interface.Now, again I noticed two problems i.e.

1) I don't see the Federated login link on my apigee dev-portal.

2) When, I try http://dev-horizonblue.devportal.apigee.com/saml_login - I see a page not found error.

I know this information won't be sufficient to get a grasp of my problem, but I just hope someone points me in the right direction to debug.

Thanks for your time !

Dharma

Marco Ferrante

unread,
Oct 6, 2016, 2:38:44 AM10/6/16
to simple...@googlegroups.com
Ok, in the exception is not-so-clearly reported that the URL

http://dev-horizonblue.devportal.apigee.com:15133/

_with the port_ is invalid, meaning it is not the one used by
SimpleSAMLphp nor allowed as trusted.

I don't know your setup, but if you development site runs on a non
standard port (HTTP 80 or HTTPS 443), you need to specify it in the
baseurlpath.

Or you can add the host:port to the trusted.url.domains array, but
probably you will get errors in other operations.

Cheers.

Il 06/10/2016 07:26, Dharma Teja Adusumilli ha scritto:
>
> Hi again,
>
> I will be clear this time.
>
> I am currently working on an apigee dev-portal and was recently asked to
> implement SAML login with Ping as our IdP. I installed simpleSAMLphp on
> our apigee (Drupal) site and configured it to work as an SP. But, after
> all the configuration when I try to log in as admin on the simpleSAMLphp
> interface ( @ url/simplesaml), an exception was thrown at me -
>
> SimpleSAML_Error_Error:UNHANDLEDEXCEPTION
> Backtrace:0/srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:180(N/A)Causedby:SimpleSAML_Error_Exception:URL
> notallowed:https://dev-horizonblue.devportal.apigee.com:15133/simplesaml/module.php/core/login-admin.php?ReturnTo=https%3A%2F%2Fdev-horizonblue.devportal.apigee.com%3A15133%2Fsimplesaml%2Fmodule.php%2Fcore%2Ffrontpage_config.php
> <http://dev-horizonblue.devportal.apigee.com:15133/simplesaml/module.php/core/login-admin.php?ReturnTo=https%3A%2F%2Fdev-horizonblue.devportal.apigee.com%3A15133%2Fsimplesaml%2Fmodule.php%2Fcore%2Ffrontpage_config.php>Backtrace:2/srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/lib/SimpleSAML/Utils/HTTP.php:331(SimpleSAML\Utils\HTTP::checkURLAllowed)1/srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/private/simplesamlphp-1.14.8/modules/core/www/as_login.php:21(require)0/srv/bindings/953b1a2e29694ba48a67beea8f81c386/code/simplesaml/module.php:137(N/A)
>
> Just so you know, I've given this for the
>
> $host = $_SERVER['HTTP_HOST'];
>
> baseurlpath =>'https://'.$host .'/simplesaml/'
Reply all
Reply to author
Forward
0 new messages