Initial setup problem


Ariel Velikovsky

Jul 26, 2021, 11:15:13 AM
to SimpleSAMLphp
Hi guys,

Need a bit of your help... I'm trying to get the initial setup working. For some reason, it just refuses to work for me. Tried installing from scratch twice, same result (just untar and follow the instructions ;-) I sure did). Not sure where to start. Any help will be greatly appreciated. Here are some details:

Platform
Ubuntu 20/Apache 2.4/PHP 7.4
All relevant PHP modules installed

Apache configuration
<VirtualHost *:80>
ServerName saml.mydomain.com
DocumentRoot /var/www/saml.mydomain.com
SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config
Alias /simplesaml /var/simplesamlphp/www
LogLevel debug
ErrorLog /var/simplesamlphp/www/log/error.log
CustomLog /var/simplesamlphp/www/log/access.log combined
<Directory /var/simplesamlphp/www>
Require all granted
</Directory>
</VirtualHost>

config.php:
    'baseurlpath' => 'https://saml. mydomain.com/simplesaml/'
     secret salt & admin pass - both changed

Directories
/var/simplesamlphp
   /www
   /config
...
- default installation as suggested

The Problem
Launching https://saml.mydomain.com/simplesaml/
Is redirected to:
and shows page not found

Launching  https://saml.mydomain.com/simplesaml/index.php does the same.
However, an index.html created as a test under the same folder (/var/simplesamlphp/www) appears correctly, so the Apache configuration seems to be working.
No issues reported in the error log. 

What would you suggest to check/do next?

Best Regards,
Ariel

Peter Schober

Jul 26, 2021, 11:51:40 AM
to SimpleSAMLphp
* Ariel Velikovsky <arie...@gmail.com> [2021-07-26 17:15]:
> Tried installing from scratch twice, same result (just untar and
> follow the instructions ;-) I sure did).

What version did you install?

> What would you suggest to check/do next?

Maybe ignore the admin UI for now and try to access
e.g. /simplesaml/module.php/core/authenticate.php to test configured
auth sources.

-peter

Peter Schober

Jul 26, 2021, 11:53:10 AM
to SimpleSAMLphp
* Ariel Velikovsky <arie...@gmail.com> [2021-07-26 17:15]:
> SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config

Note that the idea of this setting is to enable a config directory
that's outside of the unpacked software distribution, in order to
enable you to simply replace/update the software while keeping your
config intact/untouched.
I.e., setting this to the path above is a noop and could also be
removed.

-peter

Ariel Velikovsky

Jul 27, 2021, 5:53:37 AM
to SimpleSAMLphp
Many thanks for a quick response!

Installed version: 1.19.1
(installed from https://simplesamlphp.org/download?latest)

Wrt  "SetEnv SIMPLESAMLPHP_CONFIG_DIR" - clear, obviously in my default setting this would work without that. But it should not hurt either.

/simplesaml/module.php/core/authenticate.php returns this:
Oops! An Error Occurred
The server returned a "500 Internal Server Error".

From the log
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] SimpleSAML\Error\NotFound: The requested page 'http://saml.mydomain.com/simplesaml/module.php/core/authenticate.php' could not be found. The URL wasn't found in the module.
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] Backtrace:
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:256 (SimpleSAML\Module::process)
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] Error report with id 79d13503 generated.
Jul 27 09:46:36 ip-172-30-2-70 simplesamlphp[445476]: 3 [TRc6bab3b5] Error loading session: Session start with secure cookie not allowed on http.

This looks like a problem: "Session start with secure cookie not allowed on HTTP" ?
My (pretty much standard, AWS) configuration is Apache behind a load balancer. The load balancer provides SSL (https/443) for external access and Apache works on port 80/http unencrypted. Is this a problem?

Thanks,
Ariel

Tim van Dijen

Jul 27, 2021, 6:43:59 AM
to SimpleSAMLphp
Hello Ariel,

This is no problem at all, but you have to make SimpleSAMLphp 'think' it's running on HTTPS.
This can be done by properly configuring the `baseurlpath` in config.php

- Tim


Ariel Velikovsky

Jul 27, 2021, 7:22:17 AM
to SimpleSAMLphp
Ok, looks like some progress, added https://... link to the config, now instead of 500 I'm getting a SimpleSAML styled page with this error:

SimpleSAML\Error\NotFound: The requested page 'https://saml.mydomain.com/simplesaml/module.php/core/authenticate.php' could not be found. The URL wasn't found in the module.
This is the log trace:
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] Backtrace:
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 1 /var/simplesamlphp/lib/SimpleSAML/Module.php:256 (SimpleSAML\Module::process)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 0 /var/simplesamlphp/www/module.php:10 (N/A)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] Error report with id c6b4ba00 generated.
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] SimpleSAML\Error\Exception: Error 2 - session_create_id(): Failed to create new ID at /var/simplesamlphp/lib/SimpleSAML/SessionHandlerPHP.php:148
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] Backtrace:
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 9 /var/simplesamlphp/www/_include.php:49 (SimpleSAML_error_handler)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 8 [builtin] (session_create_id)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 7 /var/simplesamlphp/lib/SimpleSAML/SessionHandlerPHP.php:148 (SimpleSAML\SessionHandlerPHP::newSessionId)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 6 /var/simplesamlphp/lib/SimpleSAML/Session.php:173 (SimpleSAML\Session::__construct)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 5 /var/simplesamlphp/lib/SimpleSAML/Session.php:306 (SimpleSAML\Session::getSessionFromRequest)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 4 /var/simplesamlphp/lib/SimpleSAML/Error/Error.php:190 (SimpleSAML\Error\Error::saveError)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 3 /var/simplesamlphp/lib/SimpleSAML/Error/Error.php:228 (SimpleSAML\Error\Error::show)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 2 /var/simplesamlphp/www/_include.php:15 (SimpleSAML_exception_handler)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 1 /var/simplesamlphp/vendor/symfony/error-handler/ErrorHandler.php:607 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 3 [452b8fc0d6] 0 [builtin] (N/A)
Jul 27 11:14:00 ip-172-30-2-70 simplesamlphp[445391]: 4 [452b8fc0d6] Secure session ID generation failed, falling back to custom ID generation.

Obviously, session creation fails (this line $sessionId = session_create_id();) What might be the reason? I did not provide any DB configuration which was marked as optional. Should I? Any other ideas?

Thanks,
Ariel

Peter Schober

Jul 27, 2021, 7:48:11 AM
to SimpleSAMLphp
* Ariel Velikovsky <arie...@gmail.com> [2021-07-27 13:22]:
> Ok, looks like some progress, added https://... link to the config, now
> instead of 500 I'm getting SimpleSAML styled page with this error:
>
> SimpleSAML\Error\NotFound: The requested page
> 'https://saml.mydomain.com/simplesaml/module.php/core/authenticate.php'
> could not be found. The URL wasn't found in the module.

Does accessing the admin UI still return 404? Or has anything changed?

Obviously (?) those issues are not normally encountered so something
(else, now that TLS offloading has been taken care of) is off with
your deployment.

-peter

Tim van Dijen

Jul 27, 2021, 7:51:51 AM
to SimpleSAMLphp
So, is your baseurlpath now like ' https://saml.mydomain.com/simplesaml/ '?  If yes, then you haven't configured your webserver correctly.
The session errors have something to do with your session cookie.. Have you changed anything related to that?

- Tim



Ariel Velikovsky

Jul 27, 2021, 8:08:55 AM
to SimpleSAMLphp
RE: "Does accessing the admin UI still return 404?"
- What exactly do you mean by Admin UI? 

Accessing the base URL  https://saml.mydomain.com/simplesaml/ seems to initiate a session with my external IDP (might be working, I'm getting to the IDP web page). However, I'm missing metadata details I need to provide them. I was told to launch /simplesaml/module.php/core/frontpage_federation.php URL, but it redirects to /simplesaml/module.php/admin/federation and again shows page not found... 

RE: "So, is your baseurlpath now like ' https://saml.mydomain.com/simplesaml/ '?"
-- Correct
RE: "If yes, then you haven't configured your webserver correctly."
-- See below. Looks to me identical to the SimpleSAMLphp manual, with an exception for the port and log paths. Am I missing anything?


Apache configuration
<VirtualHost *:80>
ServerName saml.mydomain.com
DocumentRoot /var/www/saml.mydomain.com
SetEnv SIMPLESAMLPHP_CONFIG_DIR /var/simplesamlphp/config
Alias /simplesaml /var/simplesamlphp/www
LogLevel debug
ErrorLog /var/simplesamlphp/www/log/error.log
CustomLog /var/simplesamlphp/www/log/access.log combined
<Directory /var/simplesamlphp/www>
Require all granted
</Directory>
</VirtualHost>

Anything else I could do/check? 

Ariel Velikovsky

Jul 27, 2021, 8:25:18 AM
to SimpleSAMLphp
Hold on. I can see some PHP files are missing vs original downloaded tar.gz. Not even sure how this is technically possible (i.e. for tar to skip some files). But let me handle this first and see if it solves the issues. 

Thanks,
Ariel

Tim van Dijen

Jul 27, 2021, 8:36:33 AM
to SimpleSAMLphp
The redirect to /admin/federation only exists in our master branch, so you're not using v1.19.1 as you said.

- Tim


Ariel Velikovsky

Jul 27, 2021, 2:04:38 PM
to SimpleSAMLphp
After re-downloading the same tar.gz (downloaded from https://simplesamlphp.org/download?latest  as before) and un-tarring it again, finally the initial setup page agreed to show up.
Many thanks for your help trying to analyze what's wrong.

Best Regards,
Ariel
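
The root cause reported in this thread was an installed tree that did not match the release archive. As an added example (not part of the original posts and not SimpleSAMLphp tooling), this Python script lists files that are in a release tarball but missing or different on disk; the function names, the `simplesamlphp-x.y.z/` top-level directory and the demo file contents are assumptions constructed for illustration.

```python
import io
import tarfile
import tempfile
from pathlib import Path


def audit_extraction(tarball, install_dir, strip_components=1):
    """Return (missing, altered) relative paths: files in the tarball that are
    absent from install_dir, and files whose bytes differ (local edits too)."""
    missing, altered = [], []
    with tarfile.open(tarball, "r:*") as archive:
        for member in archive:
            if not member.isfile():
                continue
            # Drop the release's leading "<name>-<version>/" directory.
            parts = Path(member.name).parts[strip_components:]
            if not parts or ".." in parts:
                continue
            rel = Path(*parts)
            target = Path(install_dir) / rel
            if not target.is_file():
                missing.append(rel.as_posix())
            elif archive.extractfile(member).read() != target.read_bytes():
                altered.append(rel.as_posix())
    return sorted(missing), sorted(altered)


def demo():
    """Constructed data: a three-file release installed with one file lost."""
    files = {"www/index.php": b"<?php // front page\n",
             "www/module.php": b"<?php // module router\n",
             "lib/SimpleSAML/Module.php": b"<?php // class\n"}
    with tempfile.TemporaryDirectory() as tmp:
        tarball, install = Path(tmp, "release.tar.gz"), Path(tmp, "install")
        with tarfile.open(tarball, "w:gz") as archive:
            for rel, data in files.items():
                info = tarfile.TarInfo("simplesamlphp-x.y.z/" + rel)
                info.size = len(data)
                archive.addfile(info, io.BytesIO(data))
                if rel == "www/index.php":
                    continue  # simulate a file that never reached the disk
                dest = install / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                # module.php is written empty to simulate a truncated copy.
                dest.write_bytes(b"" if rel == "www/module.php" else data)
        return audit_extraction(tarball, install)


if __name__ == "__main__":
    print(demo())
```

Against a real install, call `audit_extraction("<release>.tar.gz", "/var/simplesamlphp")`; files edited on purpose after installation will appear in the altered list.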

Rock Lee

May 16, 2024, 7:11:29 PM
to SimpleSAMLphp
Hey Everyone,
Will appreciate your help! I am facing this exact issue on SimpleSAMLphp 2.2.1. I have tried running this on PHP 8.2 + nginx on Azure App Service, and now trying on IIS. @Ariel, which PHP files were you referring to as missing?