State information lost


Anuj Saxena

Aug 16, 2014, 8:46:43 AM
to simple...@googlegroups.com
I am trying to integrate SimpleSAMLphp into one of my Drupal sites.
As far as I can tell, I have followed the instructions from the documentation to the line, but when I try to authenticate the user through the IdP I get a state information lost exception.

Below is an excerpt from the log file of simplesaml:

Saved state: '_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da'
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] Sending SAML 2 AuthnRequest to 'urn:componentspace:IdentityProvider'
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] Sending message:
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da" Version="2.0" IssueInstant="2014-08-16T12:40:00Z" Destination="http://pulse.ranbaxy.com/IdentityProvider/SAML/SSOService" AssertionConsumerServiceURL="http://saml.ranbaxy.com:82/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5]   <saml:Issuer>urn:Indegene:Ranbaxy:SP</saml:Issuer>
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] </samlp:AuthnRequest>
)
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] Received message:
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_ef5a9c7d-d6ef-45a8-b3c9-2547624d62d6" InResponseTo="_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da" Version="2.0" IssueInstant="2014-08-16T12:40:03.089Z" Destination="http://saml.ranbaxy.com:82/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:componentspace:IdentityProvider</saml:Issuer>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <SignedInfo>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <Reference URI="#_ef5a9c7d-d6ef-45a8-b3c9-2547624d62d6">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <Transforms>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]           <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]             <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default samlp saml ds xs xsi"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]           </Transform>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         </Transforms>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <DigestValue>jVuTmSK30fsh4+aWA+pkQZy0rpw=</DigestValue>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </Reference>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </SignedInfo>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <SignatureValue>YMT4vq7qmGq7ebZAiyQS6Tg/GXV2tt6DN89fiVw/7qDTlCLsnBNI/EU2pr9IxjSMoFNk/T29EcvqAwUGSU+66VQyH8yGiQn4avrxbf2QnEmKuJbr5rxwh1zGXsTG6EOoP0cdPIJadDX5wNvaItbHMu7K3wDlxxY3L23wICdD0Z3oxsAuVZz1YR5vFlR9BJhI66ahquCKM7uVvcJe4gtYZ4MQqsghVVBLwrgQ6JDV72CqE6WWV1+RALNpfgQR5RTwxlf57T//JvMK/H2oVAkW+NnCqpjEbwBnVqbMlSh2sYydXYjtTLGztsLf9mnNHUP9/YQ/lM+5nQc55m35eiVB6g==</SignatureValue>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <KeyInfo>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <X509Data>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <X509Certificate>MIIDATCCAemgAwIBAgIQdPDr/iI1jbhDMTj5VYya+TANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwt3d3cuaWRwLmNvbTAeFw0xMzExMjIwODIwNTJaFw00OTEyMzExNDAwMDBaMBYxFDASBgNVBAMTC3d3dy5pZHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0XJRLDrcbSyqUd8XG4BgxObQMYLAkENlmJOsAEpl1xMabUiq1X4v0Fc8ZaCpUE3fFGENMEWgBjnQUUE0WtVUh5JPMsukolf9qljbJkCkvHXH3O4Uen7vA2oNQWt4bK96SpXADpZKFvpk4D7btKOgU/NamjiqwHI4fI8kFJKwKBJchRPUQdC4ljRRmGIrSnpY+t25/d3KGXwbe9Z2MGGy2hyA0tgOWuchIK+1vAKKBUh9nDEXfr80+xW680w5TqHyDcqbWvQsXXhH0yZLfINKNS6/IojHPsBy7tf36Ck9H5Pw+1PPu6NzBFSz5ZkC8KzrS6vuZXc/ImYrnheMQsqqQIDAQABo0swSTBHBgNVHQEEQDA+gBD4dY4MCPEmG4sxZrcni8vtoRgwFjEUMBIGA1UEAxMLd3d3LmlkcC5jb22CEHTw6/4iNY24QzE4+VWMmvkwDQYJKoZIhvcNAQELBQADggEBABhak2aR84MCdyXO4AKOQvZybsCMdhRq2i1i0WhD4/xe7Ry5haC6TeXIp8Q4cC3MzsrDal74xHI714BW0loafpHAsXfd9EvkKTVaJ+1Zpe16+SsTL4upS1cGydigqwUzsdpGck4wI1moJ9477O+46If2gF27u9Cdk7Onxe/5dwLIxWmkVRdbQIH5GsKUeAjOdRQmy+X1MX6KyRoaCwWGYwxi5Sa+r+3AtDvD4BX0EJGKFZeeM3J/yMpYh/75aN0cFQfDEdJ7C5NE0vonidE0QtIFvsoWtZUtur2fiW7yBxse38TPQsi2r6A6c/TZsZ5bq31yh3gr3kSN62H8iVKLQLA=</X509Certificate>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </X509Data>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </KeyInfo>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   </Signature>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   <samlp:Status>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   </samlp:Status>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_1b47cf86-0eb9-43ef-aa14-794cf903ecc6" IssueInstant="2014-08-16T12:40:03.091Z">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <saml:Issuer>urn:componentspace:IdentityProvider</saml:Issuer>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <saml:Subject>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">idp-user</saml:NameID>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <saml:SubjectConfirmationData NotOnOrAfter="2014-08-16T12:43:03.092Z" Recipient="http://saml.ranbaxy.com:82/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp" InResponseTo="_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da"/>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </saml:SubjectConfirmation>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </saml:Subject>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <saml:Conditions NotBefore="2014-08-16T12:37:03.091Z" NotOnOrAfter="2014-08-16T12:43:03.091Z">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:AudienceRestriction>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <saml:Audience>urn:Indegene:Ranbaxy:SP</saml:Audience>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </saml:AudienceRestriction>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </saml:Conditions>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <saml:AuthnStatement AuthnInstant="2014-08-16T12:40:03.093Z" SessionIndex="_1b47cf86-0eb9-43ef-aa14-794cf903ecc6">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:AuthnContext>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </saml:AuthnContext>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </saml:AuthnStatement>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     <saml:AttributeStatement>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:Attribute Name="username">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">idp-user</saml:AttributeValue>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </saml:Attribute>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       <saml:Attribute Name="role">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]         <saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">admin</saml:AttributeValue>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]       </saml:Attribute>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]     </saml:AttributeStatement>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784]   </saml:Assertion>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] </samlp:Response>
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] Loading state: '_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da'
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] SimpleSAML_Error_NoState: NOSTATE
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] Backtrace:
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 2 E:\xampp\htdocs\saml.ranbaxy.com\lib\SimpleSAML\Auth\State.php:226 (SimpleSAML_Auth_State::loadState)
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 1 E:\xampp\htdocs\saml.ranbaxy.com\modules\saml\www\sp\saml2-acs.php:63 (require)
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 0 E:\xampp\htdocs\saml.ranbaxy.com\www\module.php:135 (N/A)

As you might notice, the session ID remains unchanged, so that is not the problem.
I am using SQL as the datasource as a replacement for the default phpsession.

Any pointers towards where I might be wrong are greatly appreciated.

Regards,
Anuj

Jaime Pérez Crespo

Aug 18, 2014, 4:11:22 AM
to simple...@googlegroups.com
Hi Anuj,

On 16 Aug 2014, at 14:46 pm, Anuj Saxena <anuj.kum...@gmail.com> wrote:
> I am trying to integrate SimpleSAMLphp into one of my Drupal sites.
> As far as I can tell, I have followed the instructions from the documentation to the line, but when I try to authenticate the user through the IdP I get a state information lost exception.
>
> Aug 16 18:10:03 simplesamlphp ERROR [6579702784] SimpleSAML_Error_NoState: NOSTATE
> Aug 16 18:10:03 simplesamlphp ERROR [6579702784] Backtrace:
> Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 2 E:\xampp\htdocs\saml.ranbaxy.com\lib\SimpleSAML\Auth\State.php:226 (SimpleSAML_Auth_State::loadState)
> Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 1 E:\xampp\htdocs\saml.ranbaxy.com\modules\saml\www\sp\saml2-acs.php:63 (require)
> Aug 16 18:10:03 simplesamlphp ERROR [6579702784] 0 E:\xampp\htdocs\saml.ranbaxy.com\www\module.php:135 (N/A)
>
> As you might notice, the session ID remains unchanged, so that is not the problem.
> I am using SQL as the datasource as a replacement for the default phpsession.

If you are using your custom backend to store sessions, you have configured everything else according to the documentation, and SimpleSAMLphp complains about not being able to recover the state, you most likely have a problem with your SQL backend. Make sure SimpleSAMLphp can connect to your database, the sessions are stored there correctly, and can be retrieved afterwards.

--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost


Anuj Saxena

Aug 18, 2014, 4:21:19 AM
to simple...@googlegroups.com
Hello Jamie,

Thanks for your response.
I am using the default SQLite session configuration that is available.

I have verified that the SQLite file gets created, but what I am not able to figure out is that the ID value under which the session is being saved and loaded is not present in the DB anywhere.

Is there some additional setting that is required to save the correct ID?

-Regards
Anuj

Yørn de Jong

Aug 18, 2014, 4:24:26 AM
to simple...@googlegroups.com
This problem has given me a lot of headaches as well.
In my case, the problem was that session_start() was called before SimpleSAMLphp,
which caused SimpleSAMLphp to lose its session information, because another session was initiated first.
I solved this by instantiating SimpleSAMLphp early and running $sp->isLoggedIn(), to trigger session creation.

There are however multiple problems that can lead to this error, see [1] for more information.

[1] https://code.google.com/p/simplesamlphp/wiki/LostState

Yørn


Jaime Pérez Crespo

Aug 18, 2014, 4:37:22 AM
to simple...@googlegroups.com
Hi again,

On 18 Aug 2014, at 10:21 am, Anuj Saxena <anuj.kum...@gmail.com> wrote:
> Hello Jamie,

Actually it’s the Spanish name Jaime, not the English one “Jamie” :-)

> Thanks for your response.
> I am using the default SQLite session configuration that is available.

As far as I know, there’s no SQLite backend shipped by default with SimpleSAMLphp, but there is one SQL backend that makes use of PDO. Are you using that one?

> I have verified that the SQLite file gets created, but what I am not able to figure out is that the ID value under which the session is being saved and loaded is not present in the DB anywhere.

If your sessions are not stored in the database, that’s clearly the cause for your NOSTATE errors. It will definitely have something to do with configuration, either in SimpleSAMLphp or in your server. It might be something as simple as lack of sufficient permissions to write to the file.

> Is there some additional setting that is required to save the correct ID?

If your web server is able to write to the file, then SimpleSAMLphp would be too.

Anuj Saxena

Aug 18, 2014, 4:45:07 AM
to simple...@googlegroups.com
Hello again Jaime,

Extremely sorry for missing out on the correct name in the first email.

You are absolutely right about the use of SQL. I am indeed using the SQL backend that makes use of PDO. All I have done for using that is change the store.type and the store.sql.dsn entries in the config.php.

Do I need to handle writing of the correct information into this SQLite file through some code?
If that is the case, or otherwise, can you provide any pointers as to where things might be wrong?

I think file permissions are not the issue, because I can see the data file being updated as soon as I try to do a federated login.

-Regards
Anuj

Jaime Pérez Crespo

Aug 18, 2014, 6:17:54 AM
to simple...@googlegroups.com
Hi,

On 18 Aug 2014, at 10:45 am, Anuj Saxena <anuj.kum...@gmail.com> wrote:
> Hello again Jaime,
>
> Extremely sorry for missing out on the correct name in the first email.

No worries, it’s a quite common misspelling and it happens all the time :-)

> You are absolutely right about the use of SQL. I am indeed using the SQL backend that makes use of PDO. All I have done for using that is change the store.type and the store.sql.dsn entries in the config.php.
>
> Do I need to handle writing of the correct information into this SQLite file through some code?

No, it should just work. I haven’t tried using the SQLite driver myself, but I don’t see any reason why it shouldn’t work.

> If that is the case or otherwise can you provide any pointers as to where things might be wrong?
>
> I think file permissions are not the issue, because I can see the data file being updated as soon as I try to do a federated login.

When you say updated, I understand you mean the last modification time of the file? Have you checked if any data is getting into the file?

I would check not only SSP logs, but also the web server’s error log, to see if something is happening while trying to save the data to the backend (or when retrieving it out of it).

Anuj Saxena

Aug 18, 2014, 6:24:35 AM
to simple...@googlegroups.com
Hi,

When I said modified, I actually meant that I went ahead and checked the tables in the DB.
There is a table by the name Simplesamlphp_kvstore in which I can see the _type, _key, _value and _expiry columns.
The rows show the values as:
session   <Some hex value> (which I thought should be the ID)   <Some long URL-encoded string>   <Date/time of session expiry>

Going through the records of this table, I am not able to find the ID value for which the session save and load messages are being displayed in the logs.

For testing I even deleted all entries in the table and tried doing the federated login. The table is updated with 2 entries, but none of them corresponds to the ID that is present in the logs.

-Regards
Anuj

Jaime Pérez Crespo

Aug 18, 2014, 12:43:47 PM
to simple...@googlegroups.com
Hi again,

On 18 Aug 2014, at 12:24 pm, Anuj Saxena <anuj.kum...@gmail.com> wrote:
> When I said modified, I actually meant that I went ahead and checked the tables in the DB.
> There is a table by the name Simplesamlphp_kvstore in which I can see the _type, _key, _value and _expiry columns.
> The rows show the values as:
> session <Some hex value> (which I thought should be the ID) <Some long URL-encoded string> <Date/time of session expiry>

Then it looks like the DB is configured right and working as it should, so the problem must be somewhere else.

> Going through the records of this table, I am not able to find the ID value for which the session save and load messages are being displayed in the logs.

Bear in mind that sessions do not persist forever. Also, the log messages usually refer to the state ID, which is inside the session and not the identifier used to save or retrieve the session to/from the database.

> For testing I even deleted all entries in the table and tried doing the federated login. The table is updated with 2 entries, but none of them corresponds to the ID that is present in the logs.

That’s normal if you are looking for the state ID, as I said. If your session backend works fine, then the problem should be somewhere else, as that simply works.

Anuj Saxena

Aug 20, 2014, 8:43:29 AM
to simple...@googlegroups.com
Hello again Jaime,

I was able to get past the NoState exception. Thanks for spending your time on my problem.
The problem seemed to be happening because 'session.cookie.domain' was set to NULL. After setting it to '.ranbaxy.com' the state exception went away.
Now I am stuck with a new problem where, post authentication, the redirection is happening to the wrong page. Currently it is redirecting to http://saml.ranbaxy.com:82/saml_login, whereas I would like the redirection to happen to http://pulse.ranbaxy.com:82.
Any ideas?


-Regards
Anuj
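As an added illustration (not code from the thread or from SimpleSAMLphp) of Jaime's point that the ID in the log is the auth state ID rather than the kvstore session key, and of why the session.cookie.domain change resolved the NOSTATE error, here is a Python triage script. It assumes the application and the SP's assertion consumer service (ACS) live on different subdomains, as the URLs in Anuj's log suggest; its input is a constructed, trimmed copy of the log excerpt above.

```python
import re

# Constructed sample modelled on the thread's log excerpt; the XML is trimmed
# to the attributes the checks need (the real log prints the whole message).
SAMPLE_LOG = """\
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] Saved state: '_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da'
Aug 16 18:10:00 simplesamlphp DEBUG [5d6fa2d1b5] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da" Version="2.0">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] <samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_ef5a9c7d-d6ef-45a8-b3c9-2547624d62d6" InResponseTo="_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da" Version="2.0">
Aug 16 18:10:03 simplesamlphp DEBUG [6579702784] Loading state: '_0e6d4c3dff2a9bbc72b80259dd730c5e0c57de85da'
Aug 16 18:10:03 simplesamlphp ERROR [6579702784] SimpleSAML_Error_NoState: NOSTATE
"""

# "<date> simplesamlphp <LEVEL> [<tracking id>] <message>"; the bracketed value
# is SimpleSAMLphp's per-HTTP-request tracking id, so it changes at the ACS.
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ \w+ \[(\w+)\] (.*)$")
PATTERNS = {
    "saved": re.compile(r"Saved state: '([^']+)'"),
    "loading": re.compile(r"Loading state: '([^']+)'"),
    "authnrequest": re.compile(r'<samlp:AuthnRequest\b[^>]*\bID="([^"]+)"'),
    "in_response_to": re.compile(r'<samlp:Response\b[^>]*\bInResponseTo="([^"]+)"'),
    "nostate": re.compile(r"(SimpleSAML_Error_NoState: NOSTATE)"),
}

def parse_log(text):
    """Map each event name to (value, tracking id) for its first occurrence."""
    found = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        track, msg = (m.group(1), m.group(2)) if m else (None, raw)
        for name, pat in PATTERNS.items():
            hit = pat.search(msg)
            if hit and name not in found:
                found[name] = (hit.group(1), track)
    return found

def triage(text):
    """Return findings that explain a NOSTATE error from the log alone."""
    ev = parse_log(text)
    saved_id, saved_req = ev.get("saved", (None, None))
    load_id, load_req = ev.get("loading", (None, None))
    findings = []
    if saved_id and saved_id == ev.get("authnrequest", (None,))[0]:
        findings.append("logged ID is the AuthnRequest/state ID, not the kvstore session key")
    if saved_id and saved_id == ev.get("in_response_to", (None,))[0]:
        findings.append("IdP response correlates with the saved request (InResponseTo matches)")
    if "nostate" in ev and load_id == saved_id:
        if load_req != saved_req:
            findings.append("state saved in one HTTP request but unreadable at the ACS: "
                            "session cookie not sent to the ACS host, or backend did not persist it")
        else:
            findings.append("state lost within a single request: not a cookie-scope problem")
    return findings

def cookie_sent_to(cookie_domain, set_by_host, request_host):
    """RFC 6265 domain matching for SimpleSAMLphp's session.cookie.domain.
    None (the default) gives a host-only cookie that only set_by_host receives."""
    host = request_host.split(":")[0].lower()  # the port never matters to cookies
    if not cookie_domain:
        return host == set_by_host.split(":")[0].lower()
    domain = cookie_domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)
```

With the default cookie_domain of None, a session cookie set while the state was saved on pulse.ranbaxy.com is never presented to saml.ranbaxy.com, which is exactly the "saved but unreadable at the ACS" finding; '.ranbaxy.com' makes both hosts receive it.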