not able to access to admin interface

[raffaele....@imtlucca.it]

Hi,
I'm trying to access to my idp, web interface as administrator.
In config file I had set the password,
the problem is that it doesn't work.

In the config file I set the password in cleartext.
Is that correct?

For user authentication against sp I use a custom module.
Is the web administration part using that module as well?
If yes, should I put a user Administrator in the db to access the administration?

Thank you very much

[Mauricio Tavares]

AFAIK the IdP should not be trying to authenticate against an SP. You do define if it is using a local authentication system (database, plain file, etc) or remote (like kerberos or ldap). However, I would expect the IdP to only authenticate *itself* locally, but offer to the SPs different means of authentication. After all, that is the job of the IdP: authenticate SPs. 

--
You received this message because you are subscribed to the Google Groups "simpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To post to this group, send email to simple...@googlegroups.com.
Visit this group at http://groups.google.com/group/simplesamlphp?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Dick Visser]

On 12 June 2013 15:52, <raffaele....@imtlucca.it> wrote:
> Hi,
> I'm trying to access to my idp, web interface as administrator.
> In config file I had set the password,
> the problem is that it doesn't work.

What do you mean by "it doesn't work"?
Do you get access denied, an HTTP error, or what?
Also, which URL did you try to access?

> In the config file I set the password in cleartext.
> Is that correct?

That could be correct, but it also could be wrong.
It depends HOW you configured it.
So, send the relevant context of the configuration file, with a masked password.

> For user authentication against sp I use a custom module.
> Is the web administration part using that module as well?

No.



--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

[raffaele....@imtlucca.it]

On Wednesday, June 12, 2013 4:27:59 PM UTC+2, Dick Visser wrote:

On 12 June 2013 15:52,  <raffaele....@imtlucca.it> wrote:
> Hi,
> I'm trying to access to my idp, web interface as administrator.
> In config file I had set the password,
> the problem is that it doesn't work.

What do you mean by "it doesn't work"?
Do you get access denied, an HTTP error, or what?
Also, which URL did you try to access?

I'm trying to access https://------------------/idp/auth/login-admin.php?
It says "Incorrect username or password. "
Of course it must be the password because I'm not able to change the username, it's fixed to "Administrator".
 

> In the config file I set the password in cleartext.
> Is that correct?

That could be correct, but it also could be wrong.
It depends HOW you configured it.
So, send the relevant context of the configuration file, with a masked password.

in config/config.php

"
  'auth.adminpassword'            => '------------'',
  'admin.protectindexpage'        => false,
  'admin.protectmetadata'         => false,

 'secretsalt' => '------------------------------------------',

"
 

[Dick Visser]

On 12 June 2013 16:37, <raffaele....@imtlucca.it> wrote:

> I'm trying to access https://------------------/idp/auth/login-admin.php?
> It says "Incorrect username or password. "
> Of course it must be the password because I'm not able to change the
> username, it's fixed to "Administrator".


>> > In the config file I set the password in cleartext.
>> > Is that correct?
>>
>> That could be correct, but it also could be wrong.
>> It depends HOW you configured it.
>> So, send the relevant context of the configuration file, with a masked
>> password.
>
>
> in config/config.php
>
> "
> 'auth.adminpassword' => '------------'',

This all seems to make sense, except for the extra single-quote, but I
assume that's a typo.

Maybe the password has UTF-8 characters and/or got corrupted during copying?

[raffaele....@imtlucca.it]

On Wednesday, June 12, 2013 5:02:19 PM UTC+2, Dick Visser wrote:

On 12 June 2013 16:37,  <raffaele....@imtlucca.it> wrote:

> I'm trying to access https://------------------/idp/auth/login-admin.php?
> It says "Incorrect username or password. "
> Of course it must be the password because I'm not able to change the
> username, it's fixed to "Administrator".


>> > In the config file I set the password in cleartext.
>> > Is that correct?
>>
>> That could be correct, but it also could be wrong.
>> It depends HOW you configured it.
>> So, send the relevant context of the configuration file, with a masked
>> password.
>
>
> in config/config.php
>
> "
>   'auth.adminpassword'            => '------------'',

This all seems to make sense, except for the extra single-quote, but I
assume that's a typo.

Maybe the password has UTF-8 characters and/or got corrupted during copying?

I just wrote a very simple password for test.
I don't understand why it doesn't work.
Could it be same kind of access list somewhere?
 

[Mauricio Tavares]

On Wed, Jun 12, 2013 at 11:08 AM, <raffaele....@imtlucca.it> wrote:

On Wednesday, June 12, 2013 5:02:19 PM UTC+2, Dick Visser wrote:

On 12 June 2013 16:37,  <raffaele....@imtlucca.it> wrote:

> I'm trying to access https://------------------/idp/auth/login-admin.php?
> It says "Incorrect username or password. "
> Of course it must be the password because I'm not able to change the
> username, it's fixed to "Administrator".


>> > In the config file I set the password in cleartext.
>> > Is that correct?
>>
>> That could be correct, but it also could be wrong.
>> It depends HOW you configured it.
>> So, send the relevant context of the configuration file, with a masked
>> password.
>
>
> in config/config.php
>
> "
>   'auth.adminpassword'            => '------------'',

This all seems to make sense, except for the extra single-quote, but I
assume that's a typo.

Maybe the password has UTF-8 characters and/or got corrupted during copying?

I just wrote a very simple password for test.
I don't understand why it doesn't work.
Could it be same kind of access list somewhere?
 

      There are some debug options in the config.php file. Maybe that will help you find out what is going on. Also, check the apache error.log file for possible clues.

 

--
Dick Visser
System & Networking Engineer
TERENA Secretariat
Singel 468 D, 1017 AW Amsterdam
The Netherlands

--

[Klaas Wierenga]

On Jun 12, 2013, at 5:15 PM, Mauricio Tavares <raub...@gmail.com> wrote:

check also the http server error-log to see if you see anything meaningful

Klaas

[raffaele....@imtlucca.it]

In the log of simplesaml I get :

"
Jun 12 17:49:55 simplesamlphp INFO [29e544588f] AUTH -admin: Accessing auth endpoint login-admin
Jun 12 17:49:55 simplesamlphp NOTICE STAT [29e544588f] AUTH-login-admin Failed
Jun 12 17:49:55 simplesamlphp INFO [29e544588f] error_wrongpassword
Jun 12 17:49:55 simplesamlphp DEBUG [29e544588f] Template: Reading [/usr/share/simplesamlphp/dictionaries/login]

"

It seems like it takes a different password then the one I wrote in config.php

[Dick Visser]

On 12 June 2013 17:52, <raffaele....@imtlucca.it> wrote:
> In the log of simplesaml I get :
>
> "
> Jun 12 17:49:55 simplesamlphp INFO [29e544588f] AUTH -admin: Accessing auth
> endpoint login-admin
> Jun 12 17:49:55 simplesamlphp NOTICE STAT [29e544588f] AUTH-login-admin
> Failed
> Jun 12 17:49:55 simplesamlphp INFO [29e544588f] error_wrongpassword
> Jun 12 17:49:55 simplesamlphp DEBUG [29e544588f] Template: Reading
> [/usr/share/simplesamlphp/dictionaries/login]
>
> "
>
> It seems like it takes a different password then the one I wrote in
> config.php

You don't have 'auth.adminpassword' configured a second time
somewhere later in config.php?

[raffaele....@imtlucca.it]

On Wednesday, June 12, 2013 8:27:10 PM UTC+2, Dick Visser wrote:

On 12 June 2013 17:52,  <raffaele....@imtlucca.it> wrote:
> In the log of simplesaml I get :
>
> "
> Jun 12 17:49:55 simplesamlphp INFO [29e544588f] AUTH -admin: Accessing auth
> endpoint login-admin
> Jun 12 17:49:55 simplesamlphp NOTICE STAT [29e544588f] AUTH-login-admin
> Failed
> Jun 12 17:49:55 simplesamlphp INFO [29e544588f] error_wrongpassword
> Jun 12 17:49:55 simplesamlphp DEBUG [29e544588f] Template: Reading
> [/usr/share/simplesamlphp/dictionaries/login]
>
> "
>
> It seems like it takes a different password then the one I wrote in
> config.php

You don't have 'auth.adminpassword'  configured a second time
somewhere later in config.php?

I did grep all the files, didn't find anywhere.
Becuase there were other things broken I just decided to reinstall simplesamlphp from the source (previously I installed it with a debian package)

Now it works properly.
 

[Thijs Kinkhorst]

Op donderdag 13 juni 2013 10:38:02 schreef raffaele....@imtlucca.it:

> I did grep all the files, didn't find anywhere.
> Becuase there were other things broken I just decided to reinstall
> simplesamlphp from the source (previously I installed it with a debian
> package)

You should really include this information as it would have enabled to answer
your question instantly.

The Debian package has at the bottom of config.php:
require_once('/var/lib/simplesamlphp/secrets.inc.php');
which has the admin password there.

This is quite explicitly noted in config.php near the relevant setting:

/**
* This password must be kept secret, and modified from the default value
123.
* This password will give access to the installation page of simpleSAMLphp
with
* metadata listing and diagnostics pages.
*/
// Debian: this password is in /var/lib/simplesamlphp/secrets.inc.php
//'auth.adminpassword' => '123',

'admin.protectindexpage' => false,
'admin.protectmetadata' => false,

--
Thijs Kinkhorst <th...@uvt.nl> – LIS Unix

Universiteit van Tilburg – Library and IT Services • Postbus 90153, 5000 LE
Bezoekadres > Warandelaan 2 • Tel. 013 466 3035 • G 236 • http://www.uvt.nl

[Mauricio Tavares]

On Thu, Jun 13, 2013 at 5:39 AM, Thijs Kinkhorst <th...@uvt.nl> wrote:

Op donderdag 13 juni 2013 10:38:02 schreef raffaele....@imtlucca.it:

> I did grep all the files, didn't find anywhere.
> Becuase there were other things broken I just decided to reinstall
> simplesamlphp from the source (previously I installed it with a debian
> package)

You should really include this information as it would have enabled to answer
your question instantly.

The Debian package has at the bottom of config.php:
  require_once('/var/lib/simplesamlphp/secrets.inc.php');
which has the admin password there.

      I too wished I had known that, as I had done installs using the debian package *and* the official packages (someone might remember me talking about that some weeks ago). There are things you need to account for (/usr/share/simplesamlphp and /etc/defaults/simplesamlphp vs /var/simplesamlphp among other things), but otherwise it is completely doable. 

 

I wrote some notes (for myself) on setting a simplesamlphp SP using the ubuntu packages. One of my specific notes is:

2.1 Default pw is found by doing

fgrep 'auth.adminpassword'  /var/lib/simplesamlphp/secrets.inc.php

[Thijs Kinkhorst]

Op donderdag 13 juni 2013 15:45:23 schreef Mauricio Tavares:

> You should really include this information as it would have enabled to
> answer your question instantly.
>
> The Debian package has at the bottom of config.php:
> require_once('/var/lib/simplesamlphp/secrets.inc.php');
> which has the admin password there.
>
> I too wished I had known that, as I had done installs using the
> debian package *and* the official packages (someone might remember me
> talking about that some weeks ago).

As I said it's documented right at the value of that setting in config.php.
I'm open to suggestions on where to document it so it's more obvious.

> There are things you need to account
> for (/usr/share/simplesamlphp and /etc/defaults/simplesamlphp vs

The latter doesn't exist.. but probably you're referring to
/etc/simplesamlphp/

[Mauricio Tavares]

On Thu, Jun 13, 2013 at 9:47 AM, Thijs Kinkhorst <th...@uvt.nl> wrote:

Op donderdag 13 juni 2013 15:45:23 schreef Mauricio Tavares:

> You should really include this information as it would have enabled to
> answer your question instantly.
>
>  The Debian package has at the bottom of config.php:
>    require_once('/var/lib/simplesamlphp/secrets.inc.php');
>  which has the admin password there.
>
>       I too wished I had known that, as I had done installs using the

      Actually, by that I meant if I knew the OP was using the debian/ubuntu packages, I could be more helpful.

 

> debian package *and* the official packages (someone might remember me
> talking about that some weeks ago).

As I said it's documented right at the value of that setting in config.php.
I'm open to suggestions on where to document it so it's more obvious.

      I do agree. My note (to myself) is for when I write me a config script ("press 1 to deploy a IdP configured to our network, 2 for a SP, 3 for coffee and sugar."). I wonder if having a note by where auth.adminpassword is normally defined saying something like "hey, chum! The password in the debian distro is not only defined in /var/lib/simplesamlphp/secrets.inc.php but we also took the liberty of setting up an initial random one for you." 

Which is something I wish the debian/ubuntu packages for mysql (/etc/mysql/debian.cnf) and dovecot (/etc/dovecot/{auth.d,conf/d} )  would do. But I digress.

 

> There are things you need to account
> for (/usr/share/simplesamlphp and /etc/defaults/simplesamlphp vs

The latter doesn't exist.. but probably you're referring to
/etc/simplesamlphp/

      Right you are! I need to get me coffee! =)