redirect.trusted sites problem

Tj O

Jun 9, 2014, 7:46:27 AM
to simple...@googlegroups.com

I have been trying to debug my service provider. I usually am greeted with this error below:


The debug information below may be of interest to the administrator / help desk:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /var/www/html/emssapp/app/webroot/simplesamlphp/www/module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: Site not in redirect.trusted sites: http%3A%2F%2Fapp.serviceproviderxx.org
Backtrace:
5 /var/www/html/emssapp/app/webroot/simplesamlphp/lib/SimpleSAML/Utilities.php:704 (SimpleSAML_Utilities::redirectUntrustedURL)
4 /var/www/html/emssapp/app/webroot/simplesamlphp/lib/SimpleSAML/Auth/Default.php:254 (SimpleSAML_Auth_Default::handleUnsolicitedAuth)
3 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:533 (sspmod_saml_Auth_Source_SP::onProcessingCompleted)
2 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:486 (sspmod_saml_Auth_Source_SP::handleResponse)
1 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/www/sp/saml2-acs.php:188 (require)
0 /var/www/html/emssapp/app/webroot/simplesamlphp/www/module.php:135 (N/A)

I tried putting the hostname of my service provider in the 'redirect.trustedsites' config option in simplesamlphp/config/config.php

'redirect.trustedsites' => array(
    'http://app.serviceproviderxx.org'
),

I also tried putting in 'app.serviceproviderxx.org' and 'http://app.serviceproviderxx.org/' but to no avail.

Any idea on what the problem is?

Branislav Belohorec

Jun 9, 2014, 7:59:28 AM
to simple...@googlegroups.com
Hi, try to use an HTTPS URL for the redirect.

Branislav Belohorec



Jaime Pérez Crespo

Jun 10, 2014, 6:30:04 AM
to simple...@googlegroups.com
Hi,

On 09 Jun 2014, at 13:46 pm, Tj O <t...@sourcepad.com> wrote:
> I have been trying to debug my service provider. I usually am greeted with this error below:
>
> The debug information below may be of interest to the administrator / help desk:
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
> Backtrace:
> 0 /var/www/html/emssapp/app/webroot/simplesamlphp/www/module.php:180 (N/A)
> Caused by: SimpleSAML_Error_Exception: Site not in redirect.trusted sites: http%3A%2F%2Fapp.serviceproviderxx.org

What SimpleSAMLphp version are you using? That message dates back to 1.11.0, when this option was undocumented. Please make sure to upgrade to the latest version of SimpleSAMLphp, which is 1.12.0.

It is also strange that you get the log message with the URL urlencoded. What does the URL look like in the SimpleSAMLphp URL that contains it before redirection?

> Backtrace:
> 5 /var/www/html/emssapp/app/webroot/simplesamlphp/lib/SimpleSAML/Utilities.php:704 (SimpleSAML_Utilities::redirectUntrustedURL)
> 4 /var/www/html/emssapp/app/webroot/simplesamlphp/lib/SimpleSAML/Auth/Default.php:254 (SimpleSAML_Auth_Default::handleUnsolicitedAuth)
> 3 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:533 (sspmod_saml_Auth_Source_SP::onProcessingCompleted)
> 2 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/lib/Auth/Source/SP.php:486 (sspmod_saml_Auth_Source_SP::handleResponse)
> 1 /var/www/html/emssapp/app/webroot/simplesamlphp/modules/saml/www/sp/saml2-acs.php:188 (require)
> 0 /var/www/html/emssapp/app/webroot/simplesamlphp/www/module.php:135 (N/A)
>
> I tried putting the hostname of my service provider in the 'redirect.trustedsites' config option in simplesamlphp/config/config.php
>
> 'redirect.trustedsites' => array(
> 'http://app.serviceproviderxx.org'
> ),

As previously said, you should upgrade. The final documented feature uses a different name for this option, ‘trusted.url.domains’, much more self-explanatory. Please use that option then and add only the domain of your service provider, instead of the full URL.

> I also tried putting in 'app.serviceproviderxx.org' and 'http://app.serviceproviderxx.org/' but to no avail.

‘app.serviceproviderxx.org’ should work (if you upgrade and use the correct option, of course). If it still doesn’t, check the URL you are redirecting to; it might be wrong or unrecognized as a URL by SimpleSAMLphp.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Peter Schober

Jun 10, 2014, 7:44:25 AM
to simple...@googlegroups.com
* Jaime Pérez Crespo <jaime...@uninett.no> [2014-06-10 12:30]:
> As previously said, you should upgrade. The final documented feature
> uses a different name for this option, 'trusted.url.domains', much
> more self-explanatory. Please use that option then and add only the
> domain of your service provider, instead of the full URL.

"Only the domain" meaning the FQDN of the server, right?
Or would "example.org" also suffice for "foo.example.org"?
-peter

Jaime Pérez Crespo

Jun 10, 2014, 10:37:41 AM
to simple...@googlegroups.com
You are absolutely right Peter, it’s the FQDN. Not very flexible, but it is how it is.
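
An added illustration, not part of the thread and not SimpleSAMLphp's own code: a hypothetical `isTrustedRedirect()` helper that applies the exact-FQDN matching described above for `trusted.url.domains`, run over the URL forms mentioned in this thread. The helper name, the second allowlist and the sample URLs are constructed for this example.

```php
<?php
// Constructed allowlist in the shape the thread describes for
// 'trusted.url.domains': bare FQDNs, no scheme, no path.
$config = array(
    'trusted.url.domains' => array('app.serviceproviderxx.org'),
);
// Entries that are not bare FQDNs (a full URL, a parent domain), for comparison.
$notFqdn = array('http://app.serviceproviderxx.org', 'serviceproviderxx.org');

/**
 * Hypothetical helper: true only if $url is an absolute http(s) URL
 * whose host equals one of the allowlisted FQDNs exactly.
 */
function isTrustedRedirect($url, array $trustedDomains)
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // relative, malformed, or still percent-encoded
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return false;
    }
    $host = strtolower($parts['host']);
    foreach ($trustedDomains as $domain) {
        if ($host === strtolower($domain)) {
            return true; // exact match only: a parent domain does not cover subdomains
        }
    }
    return false;
}

$samples = array(
    'http://app.serviceproviderxx.org/',              // plain URL of the SP
    'https://app.serviceproviderxx.org/page?x=1',     // same host over HTTPS
    'http%3A%2F%2Fapp.serviceproviderxx.org',         // value shown in the error message
    'http://other.serviceproviderxx.org/',            // sibling host
    'http://app.serviceproviderxx.org.example.net/',  // allowlisted name used as a prefix
);
foreach ($samples as $url) {
    printf(
        "%-48s fqdn-list=%-8s other-list=%s\n",
        $url,
        isTrustedRedirect($url, $config['trusted.url.domains']) ? 'trusted' : 'rejected',
        isTrustedRedirect($url, $notFqdn) ? 'trusted' : 'rejected'
    );
}
```

The percent-encoded value has no parseable scheme or host, so it is rejected whatever the allowlist contains; it would need to be decoded before it reaches a check like this.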

Dick Visser

Jun 11, 2014, 12:33:36 PM
to simplesamlphp
On 10 June 2014 16:37, Jaime Pérez Crespo <jaime...@uninett.no> wrote:
>> "Only the domain" meaning the FQDN of the server, right?
>> Or would "example.org" also suffice for "foo.example.org"?
>
> You are absolutely right Peter, it's the FQDN. Not very flexible, but it is how it is.

Would it be an idea to make this option accept a regex or glob style pattern?
So that you could for instance have '*.example.org'?

--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands