Unhandled exeption trying to access admin interface

[Giacomo Tommaso Petrucci]

Greetings,

I've just set up a SimpleSAMLphp installation inside a Docker container to test a module I'm developing. Previously, I was able to access the admin interface, but it was indicating an error inside saml20-idp-hosted.php. After I fixed the error, if I try to access the admin interface I get a page showing the following exception as debug information:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace: 2 public/_include.php:28 (SimpleSAML_exception_handler) 1 vendor/symfony/error-handler/ErrorHandler.php:607 (Symfony\Component\ErrorHandler\ErrorHandler::handleException) 0 [builtin] (N/A) Caused by: SimpleSAML\Error\Exception: Unable to load private key from location "server.pem" Backtrace: 7 src/SimpleSAML/Utils/Crypto.php:220 (SimpleSAML\Utils\Crypto::loadPrivateKey) 6 modules/admin/src/Controller/Config.php:379 (SimpleSAML\Module\admin\Controller\Config::getPrerequisiteChecks) 5 modules/admin/src/Controller/Config.php:137 (SimpleSAML\Module\admin\Controller\Config::main) 4 vendor/symfony/http-kernel/HttpKernel.php:163 (Symfony\Component\HttpKernel\HttpKernel::handleRaw) 3 vendor/symfony/http-kernel/HttpKernel.php:75 (Symfony\Component\HttpKernel\HttpKernel::handle) 2 vendor/symfony/http-kernel/Kernel.php:202 (Symfony\Component\HttpKernel\Kernel::handle) 1 src/SimpleSAML/Module.php:234 (SimpleSAML\Module::process) 0 public/module.php:14 (N/A)

This looks strange to me because I have a server.pem file inside the cert directory, and if I cat it it also looks fine:

root@853cf3a3d9de:/var/simplesamlphp/cert# cat server.pem
-----BEGIN PRIVATE KEY-----
[redacted]

-----END PRIVATE KEY-----

If instead of only specifying the file name inside the saml20-idp-hosted.php I put the full path, the only difference is that the exception text reports the absolute path of the certificate. What am I getting wrong?
Thank you for your help,

Giacomo Tommaso Petrucci

[Dick Visser]

What happened between "previously" and now?

That must have caused the problem.

But that's something local to your situation I guess...

--
This is a mailing list for users of SimpleSAMLphp, not a support service. If you are willing to buy commercial support, please take a look here:
 
https://simplesamlphp.org/support
 
Before sending your question, make sure it is related to SimpleSAMLphp, and not your web server's configuration or any other third-party software. This mailing list cannot help with software that uses SimpleSAMLphp, only regarding SimpleSAMLphp itself.
 
Make sure to read the documentation:
 
https://simplesamlphp.org/docs/stable/
 
If you have an issue with SimpleSAMLphp that you cannot resolve and reading the documentation doesn't help, you are more than welcome to ask here for help. Subscribe to the list and send an email with your question. However, you will be expected to comply with some minimum, common sense standards in your questions. Please read this carefully:
 
http://catb.org/~esr/faqs/smart-questions.html
---
You received this message because you are subscribed to the Google Groups "SimpleSAMLphp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to simplesamlph...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/bbcd36a3-1769-4675-a5b9-8f989c46b18fn%40googlegroups.com.

--

Sent from Gmail Mobile

[Giacomo Tommaso Petrucci]

What happened is that I fixed the error inside saml20-idp-hosted.php, which was that I forgot to replace the default value for the entity ID. I put an URL for the entity ID and then it stopped working. I guess that before SimpleSAMLphp was detecting the misconfiguration and just ignoring what was inside the saml20-idp-hosted.php file. You can find my full saml20-idp-hosted.php here.

Thank you for your help,

Giacomo Tommaso Petrucci

[Dick Visser]

Does this imply that you effectively upgraded the thing from v1.19x to v2?

Because that was not obvious at all.

To view this discussion on the web visit https://groups.google.com/d/msgid/simplesamlphp/edf08b0f-8e68-4d94-aab7-316418417df7n%40googlegroups.com.

[Giacomo Tommaso Petrucci]

Which thing? The edit to the config file was all I did between it working and it starting to throw that exception.

[Giacomo Tommaso Petrucci]

Fixed, in the end turned out to be a permission issue: despite that I think Apache is running as root inside the container, it wasn't able to open the file somehow. A chmod +r solved the problem.

[Tim van Dijen]

I'm not familiar with Docker per se, so maybe this is different from a normal OS, but Apache is usually started as root and then it forks itself to run as the non-root 'apache' user.

- Tim

Op zondag 21 mei 2023 om 17:06:38 UTC+2 schreef giacomo.to...@gmail.com: