SSP into infinite loop
164 views
Skip to first unread message
Amit Sukapure
Dec 27, 2021, 6:20:20 AM12/27/21
to SimpleSAMLphp
Hello,
I have recently upgraded my code to SSP v1.19.4 from v1.17.2.
Unfortunately, after upgrading the library the authentication went to infinite loop.
Below are technical details -
Working with v1.17.2 and PHP7.3
Not working with v1.19.4 and PHP8
Logs -
Dec 27 16:22:59 simplesamlphp DEBUG [caa6cc9880] Session: 'CS21' not valid because we are not authenticated.
Dec 27 16:23:00 simplesamlphp WARNING [caa6cc9880] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Dec 27 16:23:00 simplesamlphp WARNING [caa6cc9880] The class or interface 'SimpleSAML_Metadata_SAMLParser' is now using namespaces, please use 'SimpleSAML\Metadata\SAMLParser'.
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Saved state: '_b90cc48b5fa4d1c47fd6c1d87eb78510043ca0015f'
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Sending SAML 2 AuthnRequest to 'http://www.okta.com/SOMEID'
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Redirect to 793 byte URL: URLWITHDATA
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] The class or interface 'SimpleSAML_Metadata_SAMLParser' is now using namespaces, please use 'SimpleSAML\Metadata\SAMLParser'.
Dec 27 16:23:05 simplesamlphp DEBUG [a4fe932416] Loading state: '_b90cc48b5fa4d1c47fd6c1d87eb78510043ca0015f'
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] Could not load state specified by InResponseTo: NOSTATE Processing response as unsolicited.
Dec 27 16:23:05 simplesamlphp DEBUG [a4fe932416] Received SAML2 Response from 'http://www.okta.com/exk4dhtrmhE7vJioC357'.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Has 1 candidate keys for validation.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Validation with key #0 succeeded.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Has 1 candidate keys for validation.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Validation with key #0 succeeded.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Filter config for http://www.okta.com/exk4dhtrmhE7vJioC357->https://localhost/CS21/..[dirs]../simplesamlphp/www/module.php/saml/sp/metadata.php/CS21: array ( 0 => SimpleSAML\Module\core\Auth\Process\LanguageAdaptor::__set_state(array( 'langattr' => 'preferredLanguage', 'priority' => 90, )),)
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Session: doLogin("CS21")
Dec 27 16:23:06 simplesamlphp DEBUG [528258ad6d] Session: 'CS21' not valid because we are not authenticated.
Dec 27 16:23:08 simplesamlphp WARNING [528258ad6d] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Dec 27 16:23:00 simplesamlphp WARNING [caa6cc9880] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Dec 27 16:23:00 simplesamlphp WARNING [caa6cc9880] The class or interface 'SimpleSAML_Metadata_SAMLParser' is now using namespaces, please use 'SimpleSAML\Metadata\SAMLParser'.
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Saved state: '_b90cc48b5fa4d1c47fd6c1d87eb78510043ca0015f'
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Sending SAML 2 AuthnRequest to 'http://www.okta.com/SOMEID'
Dec 27 16:23:02 simplesamlphp DEBUG [caa6cc9880] Redirect to 793 byte URL: URLWITHDATA
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] The class or interface 'SimpleSAML_Metadata_SAMLParser' is now using namespaces, please use 'SimpleSAML\Metadata\SAMLParser'.
Dec 27 16:23:05 simplesamlphp DEBUG [a4fe932416] Loading state: '_b90cc48b5fa4d1c47fd6c1d87eb78510043ca0015f'
Dec 27 16:23:05 simplesamlphp WARNING [a4fe932416] Could not load state specified by InResponseTo: NOSTATE Processing response as unsolicited.
Dec 27 16:23:05 simplesamlphp DEBUG [a4fe932416] Received SAML2 Response from 'http://www.okta.com/exk4dhtrmhE7vJioC357'.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Has 1 candidate keys for validation.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Validation with key #0 succeeded.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Has 1 candidate keys for validation.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Validation with key #0 succeeded.
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Filter config for http://www.okta.com/exk4dhtrmhE7vJioC357->https://localhost/CS21/..[dirs]../simplesamlphp/www/module.php/saml/sp/metadata.php/CS21: array ( 0 => SimpleSAML\Module\core\Auth\Process\LanguageAdaptor::__set_state(array( 'langattr' => 'preferredLanguage', 'priority' => 90, )),)
Dec 27 16:23:06 simplesamlphp DEBUG [a4fe932416] Session: doLogin("CS21")
Dec 27 16:23:06 simplesamlphp DEBUG [528258ad6d] Session: 'CS21' not valid because we are not authenticated.
Dec 27 16:23:08 simplesamlphp WARNING [528258ad6d] The class or interface 'SimpleSAML_Utilities' is now using namespaces, please use 'SimpleSAML\Utilities'.
Then it is repeating above same logs.
Thanks in advance.
Amit Sukapure
Jan 3, 2022, 1:29:05 AM1/3/22
to SimpleSAMLphp
Solution -
Previously, it was allowed to work with HTTP, and the latest release forced it to use HTTPS.
So I disabled the session.cookie.secure in configuration still I was getting the error to use HTTPS.
Later, I installed a certificate for XAMPP for HTTPS, tried in chrome browser I was getting loop error.
Then, I simply enabled the
session.cookie.secure and it worked absolutely fine.
Thanks
Reply all
Reply to author
Forward
0 new messages