Parse Error in saml20-idp-hosted.php

Steve Lewis

Jan 22, 2016, 9:49:37 AM
to SimpleSAMLphp
Hi

I have been following the instructions here https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps 

When I browse to http://mail.google.com/a/googledomain.org.uk I get a 500 error.

In /var/log/apache2/error.log I am getting the following error...



PHP Parse error:  syntax error, unexpected ''privatekey'' (T_CONSTANT_ENCAPSED_STRING), expecting ')' in /var/simplesamlphp/metadata/saml20-idp-hosted.php on line 18

Line 18 in my saml20-idp-hosted.php

'privatekey' => 'key.pem',

I created a cert directory in /var/simplesamlphp/cert which contains the key.pem and key.crt

Anyone able to help me? Bit stuck, is it really a syntax error or is it a problem with the .pem file? 


Below is my full  saml20-idp-hosted.php file...

<?php
/**
 * SAML 2.0 IdP configuration for simpleSAMLphp.
 *
 * See: https://simplesamlphp.org/docs/stable/simplesamlphp-reference-idp-hosted
 */



$metadata['__DYNAMIC:1__'] = array(
 
/*
 * The hostname of the server (VHOST) that will use this SAML entity.
 *
 * Can be '__DEFAULT__', to use this entry by default.
 */

 
'host' => 'simplesaml.mydomain.org.uk'
 
/* 'host' => '__DEFAULT__', */


 
/* X.509 key and certificate. Relative to the cert directory. */
 
'privatekey' => 'key.pem',
 
'certificate' => key.crt',


 /*
 * Authentication source to use. Must be one that is configured in
 * 'config/authsources.php'.
 */
 'auth' => 'example-userpass',


 /*
 * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
 *
 * Uncomment the following option to start using SHA-256 for your signatures.
 * Currently, simpleSAMLphp defaults to SHA-1, which has been deprecated since
 * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
 * document for more information:
 *
 * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
 *
 * If you are uncertain about service providers supporting SHA-256 or other
 * algorithms of the SHA-2 family, you can configure it individually in the
 * SP-remote metadata set for those that support it. Once you are certain that
 * all your configured SPs support SHA-2, you can safely remove the configuration
 * options in the SP-remote metadata set and uncomment the following option.
 *
 * Please refer to the IdP hosted reference for more information.
 */
 //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',


 
/* Uncomment the following to use the uri NameFormat on attributes. */
 
/*
 'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
 'authproc' => array(
 // Convert LDAP names to oids.
 100 => array('class' => 'core:AttributeMap', 'name2oid'),
 ),
 */



 
/*
 * Uncomment the following to specify the registration information in the
 * exported metadata. Refer to:
     * http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html
 * for more information.
 */

 
/*
 'RegistrationInfo' => array(
 'authority' => 'urn:mace:example.org',
 'instant' => '2008-01-17T11:28:03Z',
 'policies' => array(
 'en' => 'http://example.org/policy',
 'es' => 'http://example.org/politica',
 ),
 ),
 */

);





Thijs Kinkhorst

Jan 22, 2016, 9:54:53 AM
to simple...@googlegroups.com
Hi Steve,

On 22-01-16 15:49, Steve Lewis wrote:
> I have been following the instructions here
> https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps

This documentation is for simpleSAMLphp 1.5 which I hope you're not
using. Please use up to date documentation at
https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps

> PHP Parse error: syntax error, unexpected
> ''privatekey'' (T_CONSTANT_ENCAPSED_STRING), expecting
> ')' in /var/simplesamlphp/metadata/saml20-idp-hosted.php on line 18

> Anyone able to help me? Bit stuck, is it really a syntax error or is it
> a problem with the .pem file?

It says it is a PHP syntax error and it is in fact a PHP syntax error:

> 'host'=>'simplesaml.mydomain.org.uk'
> /* 'host' => '__DEFAULT__', */
>
> /* X.509 key and certificate. Relative to the cert directory. */
> 'privatekey'=>'key.pem',

You're missing a "," at the end of the line with the 'host' key.


Cheers,
Thijs



Thijs Kinkhorst

Jan 22, 2016, 9:55:31 AM
to simple...@googlegroups.com
On 22-01-16 15:54, Thijs Kinkhorst wrote:
> On 22-01-16 15:49, Steve Lewis wrote:
>> I have been following the instructions here
>> https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps
>
> This documentation is for simpleSAMLphp 1.5 which I hope you're not
> using. Please use up to date documentation at
> https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps

Doh. This should be:
https://simplesamlphp.org/docs/1.5/simplesamlphp-googleapps


Cheers,
Thijs


Steve Lewis

Jan 22, 2016, 10:17:01 AM
to SimpleSAMLphp, thijs.k...@surfnet.nl
Thanks Thijs I feel like such a pleb! Thank you!

No, I followed the instructions here, so I have version simplesamlphp-1.13.2, but I am just trying to set it up with Google Education and that was the only tutorial I could find.

https://www.helloitsliam.com/2014/12/23/install-configure-and-test-simplesamlphp-for-authentication-testing/#disqus_thread

Thijs Kinkhorst

Jan 22, 2016, 1:59:52 PM
to Steve Lewis, SimpleSAMLphp
Hi Steve,

The documentation you referenced talks about configuring saml20-idp-hosted.

In the content you sent, the host name is "simplesaml.mydomain.org.uk",
but in the error "simplesaml.glenmoorandwinton.org.uk". They need to be
the same in order to match. You can also set it to '__DEFAULT__' to
ensure it always matches.


Cheers,
Thijs


On 22-01-16 16:31, Steve Lewis wrote:
> Got bit further to my next error message.
>
> SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
>
> Backtrace:
> 1 /var/simplesamlphp/www/_include.php:37 (SimpleSAML_exception_handler)
> 0 [builtin] (N/A)
> Caused by: Exception: Could not find any default metadata entities
> in set [saml20-idp-hosted] for host [simplesaml.glenmoorandwinton.org.uk
> : simplesaml.glenmoorandwinton.org.uk/simplesaml]



Dick Visser

Jan 23, 2016, 10:13:42 AM
to simplesamlphp
Hi
There is also a single quote missing before key.crt.


Dick
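
Added example, not part of any post in this thread and not SimpleSAMLphp's own code: the entry from the first message with both reported syntax fixes applied (comma after 'host', opening quote before key.crt), followed by a simplified stand-in for the host matching described above. The function lookupHostedEntity() is a hypothetical helper written for this illustration; the two host names are the ones quoted in the thread.

```php
<?php
// Added example, not SimpleSAMLphp code. lookupHostedEntity() is a
// hypothetical helper that mirrors the matching rule described in the thread.

// Corrected entry from the thread: comma after 'host', quote before key.crt.
$metadata = array();
$metadata['__DYNAMIC:1__'] = array(
    'host' => 'simplesaml.mydomain.org.uk',
    /* X.509 key and certificate. Relative to the cert directory. */
    'privatekey' => 'key.pem',
    'certificate' => 'key.crt',
    'auth' => 'example-userpass',
);

/**
 * Return the entity id whose 'host' equals the request host, falling back
 * to an entry with 'host' => '__DEFAULT__'. Throws when neither exists.
 */
function lookupHostedEntity(array $metadata, $requestHost)
{
    $default = null;
    foreach ($metadata as $entityId => $entry) {
        $host = isset($entry['host']) ? $entry['host'] : null;
        if ($host === $requestHost) {
            return $entityId;               // exact VHOST match wins
        }
        if ($host === '__DEFAULT__') {
            $default = $entityId;           // remember the catch-all entry
        }
    }
    if ($default === null) {
        throw new Exception("no saml20-idp-hosted entry for host [$requestHost]");
    }
    return $default;
}

// Hosts taken from the thread: the configured one and the one in the error.
$hosts = array('simplesaml.mydomain.org.uk', 'simplesaml.glenmoorandwinton.org.uk');
foreach (array('as posted', 'with __DEFAULT__') as $round) {
    foreach ($hosts as $h) {
        try {
            echo "$round: $h -> " . lookupHostedEntity($metadata, $h) . "\n";
        } catch (Exception $e) {
            echo "$round: $h -> " . $e->getMessage() . "\n";
        }
    }
    $metadata['__DYNAMIC:1__']['host'] = '__DEFAULT__'; // second round uses the catch-all
}
```

Running `php -l /var/simplesamlphp/metadata/saml20-idp-hosted.php` after each edit reports parse errors such as the two in this thread before the IdP serves a 500.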