Drupal losing session on test of SimpleSamlPHP example-userpass authentication source?


Ryan Weiss

Dec 30, 2015, 4:47:37 PM
to SimpleSAMLphp
Hi,

I'm trying to debug why I'm losing all cookies when I try to test the 'example-userpass' authentication source, and being thrown into a redirect loop.
If I clear all cookies, and go to the Drupal homepage, and then log in, the php session cookie is set okay (PHPSESSID).
If I then go to domain.com/simplesaml, it brings me to the SimpleSAML homepage/module.php frontpage, and sets the SimpleSAML session cookie okay: SimpleSAMLSessionID
If I then go to the 'Authentication' tab and 'Test configured authentication sources' and try 'example-userpass', it gets caught in a redirect loop, and no cookies are seen in the Chrome debugger (possibly because no webpage has actually loaded because of the error status code).

 The simplesamlphp.log states:
Dec 30 16:32:16 simplesamlphp DEBUG [960736d318] Loading state: '_4ee8881eedf2e15841ada38b7e15f85b8ab1dbd0a7:http://weiss.dev2.rowanonline.com/simplesaml/module.php/core/as_login.php?AuthId=example-userpass&ReturnTo=http%3A%2F%2Fweiss.dev2.rowanonline.com%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dexample-userpass'
Dec 30 16:32:16 simplesamlphp DEBUG [bc00640292] Session: 'example-userpass' not valid because we are not authenticated.
Dec 30 16:32:16 simplesamlphp DEBUG [bc00640292] Saved state: '_ad5301411bd679433e7321a974cacaec1e61dd43c8:http://weiss.dev2.rowanonline.com/simplesaml/module.php/core/as_login.php?AuthId=example-userpass&ReturnTo=http%3A%2F%2Fweiss.dev2.rowanonline.com%2Fsimplesaml%2Fmodule.php%2Fcore%2Fauthenticate.php%3Fas%3Dexample-userpass'
...and this repeats during the redirect loop.

I've tried this with a fresh installation of Drupal, and also SimpleSamlPHP. 
My SimpleSamlPHP config looks like this (with the relevant pieces being shown):

$config = array(
    'baseurlpath' => 'simplesaml/',
    'debug' => true,
    'logging.level' => SimpleSAML_Logger::DEBUG,
    'logging.handler' => 'file',
    'enable.saml20-idp' => true,
    'session.duration' => 8 * (60 * 60), // 8 hours.
    'session.datastore.timeout' => (4 * 60 * 60), // 4 hours
    'session.state.timeout' => (60 * 60), // 1 hour
    'session.cookie.name' => 'SimpleSAMLSessionID',
    'session.cookie.lifetime' => 30*60, // half hour
    'session.cookie.path' => '/',
    'session.cookie.domain' => '.rowanonline.com',
    'session.cookie.secure' => false,
    'session.disable_fallback' => false,
    'enable.http_post' => false,
    'session.phpsession.cookiename' => 'SimpleSAMLPHPSessionID',
    'session.phpsession.savepath' => '/var/www/weiss.dev2.rowanonline.com/webroot/sessions',
    'session.phpsession.httponly' => false,
    'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',
    'store.type' => 'phpsession',
);

Does anyone have any idea why this redirect loop could be occurring? The same exact setup doesn't happen on my local webserver installation.

Thanks for any help!

Ryan


 

Jaime Perez Crespo

Jan 13, 2016, 8:34:50 AM
to simple...@googlegroups.com
Hi Ryan,

It’s clearly a conflict between SimpleSAMLphp and Drupal smashing each other’s session. I’ve seen this issue repeatedly reported, I’d say always with Drupal involved. I can’t tell if this is a Drupal or a SimpleSAMLphp issue, though. It might even be a bug in PHP.

My recommendation would be to try with a different session handler and see if that works. If so, then you know there’s a conflict with PHP sessions and at least you know where to look to see what’s changed between this server and your local installation.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Michael Dondrup

Jan 13, 2016, 12:40:46 PM
to simple...@googlegroups.com
Hi Ryan,
are you using the simplesamlphp_auth module in Drupal to authenticate your Drupal session? From the Drupal project page:
NOTE: Your SimpleSAMLphp SP must be configured to use something other than "phpsession" (the default) for session storage. The alternatives are memcache or sql.

Whenever I have used simplesamlphp_auth and forgot to change the SSP config accordingly, I have ended up with a redirect loop.

Michael
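
A small diagnostic for the loop signature in the log excerpt from the first post, added here as an example and not code from the thread or from SimpleSAMLphp: it counts repeated "Saved state" entries for the same login URL and checks whether each one was logged under a different bracketed track ID. It assumes the line layout shown in that excerpt and that the track ID is tied to the session; the host, IDs and function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Line layout as in the log excerpt above: "<date> simplesamlphp <LEVEL> [<track id>] <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} simplesamlphp \w+ \[(?P<track>[0-9a-f]+)\] (?P<msg>.*)$")
SAVED = re.compile(r"^Saved state: '(?P<id>_[0-9a-f]+):(?P<url>[^']*)'")
UNAUTH = re.compile(r"^Session: '[^']+' not valid because we are not authenticated\.")

def find_login_loops(lines, min_repeats=3):
    """Map each login URL whose state was saved >= min_repeats times to a summary."""
    saves = defaultdict(lambda: {"count": 0, "state_ids": set(), "track_ids": set()})
    unauth_tracks = set()
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a SimpleSAMLphp log line in the expected layout
        if UNAUTH.match(m["msg"]):
            unauth_tracks.add(m["track"])
        s = SAVED.match(m["msg"])
        if s:
            entry = saves[s["url"]]
            entry["count"] += 1
            entry["state_ids"].add(s["id"])
            entry["track_ids"].add(m["track"])
    report = {}
    for url, e in saves.items():
        if e["count"] < min_repeats:
            continue
        report[url] = {
            "saves": e["count"],
            "distinct_track_ids": len(e["track_ids"]),
            # Assumption: the track ID is per session, so a fresh, unauthenticated
            # track ID on every save means the session cookie never came back.
            "session_lost": len(e["track_ids"]) == e["count"]
                            and e["track_ids"] <= unauth_tracks,
        }
    return report

# Constructed sample input (hypothetical host and IDs), not taken from the thread.
URL = "http://sp.example.org/simplesaml/module.php/core/as_login.php?AuthId=example-userpass"
PREFIX = "Dec 30 16:32:16 simplesamlphp DEBUG"
SAMPLE_LOOP = []
for i in range(3):
    SAMPLE_LOOP.append(f"{PREFIX} [{i:010x}] Session: 'example-userpass' not valid because we are not authenticated.")
    SAMPLE_LOOP.append(f"{PREFIX} [{i:010x}] Saved state: '_{i:08x}:{URL}'")
SAMPLE_OK = [f"{PREFIX} [00000000aa] Saved state: '_000000ff:{URL}'"]

if __name__ == "__main__":
    print(find_login_loops(SAMPLE_LOOP))
```

A result with "session_lost" set to True is consistent with the session being replaced on every request, which is the situation the replies attribute to the "phpsession" store sharing PHP sessions with Drupal.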