User not authenticated after login page - Attributes not found


lyn...@gmail.com

Oct 28, 2015, 7:04:50 AM
to SimpleSAMLphp
Hello,

Configuration:

- drupalauth simplesamlphp module with memcache on Drupal (IdP).
- drupalauth4ssp

Problem: When I test my drupal-userpass authentication source, I'm directed to the login page, I can log in but when I'm redirected to the simplesamlphp result page the attributes aren't retrieved and this is what I get in the logs:

Oct 28 10:44:07 simplesamlphp INFO [f22b81f502] SAML2.0 - IdP.SSOService: Accessing SAML 2.0 IdP endpoint SSOService
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502] Received message:
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502] <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_33a7903a615d6b4befe75362a156e0b5e148d911f6" Version="2.0" IssueInstant="2015-10-28T10:44:07Z" Destination="https://ivi.iterate.webfactional.com/simplesamlphp/www/saml2/idp/SSOService.php" AssertionConsumerServiceURL="https://vierteltesteu.eu.qualtrics.com/WRSAML/simplesaml/www/module.php/saml/sp/saml2-acs.php/default-sp" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502]   <saml:Issuer>https://vierteltesteu.eu.qualtrics.com/WRSAML/simplesaml/www/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502]   <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" AllowCreate="true"/>
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502] </samlp:AuthnRequest>
Oct 28 10:44:07 simplesamlphp INFO [f22b81f502] SAML2.0 - IdP.SSOService: Incomming Authentication request: 'https://vierteltesteu.eu.qualtrics.com/WRSAML/simplesaml/www/module.php/saml/sp/metadata.php/default-sp'
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502] Session: 'drupal-userpass' not valid because we are not authenticated.
Oct 28 10:44:07 simplesamlphp DEBUG [f22b81f502] Saved state: '_c1b7d18a563569b29036c938319b4533636ec37b45:https://ivi.iterate.webfactional.com/simplesamlphp/www/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Fvierteltesteu.eu.qualtrics.com%2FWRSAML%2Fsimplesaml%2Fwww%2Fmodule.php%2Fsaml%2Fsp%2Fmetadata.php%2Fdefault-sp&cookieTime=1446029047&RelayState=https%3A%2F%2Fvierteltesteu.eu.qualtrics.com%2FControlPanel%2F'
Oct 28 10:45:36 simplesamlphp DEBUG [f22b81f502] Loading state: '_c1b7d18a563569b29036c938319b4533636ec37b45:https://ivi.iterate.webfactional.com/simplesamlphp/www/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Fvierteltesteu.eu.qualtrics.com%2FWRSAML%2Fsimplesaml%2Fwww%2Fmodule.php%2Fsaml%2Fsp%2Fmetadata.php%2Fdefault-sp&cookieTime=1446029047&RelayState=https%3A%2F%2Fvierteltesteu.eu.qualtrics.com%2FControlPanel%2F'
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] Backtrace:
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] 0 /home/iterate/webapps/ivi/simplesamlphp/www/module.php:179 (N/A)
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] Caused by: SimpleSAML_Error_Exception: User not authenticated after login page.
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] Backtrace:
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] 2 /home/iterate/webapps/ivi/simplesamlphp/modules/drupalauth/lib/Auth/Source/External.php:437 (sspmod_drupalauth_Auth_Source_External::resume)
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] 1 /home/iterate/webapps/ivi/simplesamlphp/modules/drupalauth/www/resume.php:12 (require)
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] 0 /home/iterate/webapps/ivi/simplesamlphp/www/module.php:134 (N/A)
Oct 28 10:45:36 simplesamlphp ERROR [f22b81f502] Error report with id 4209df11 generated.
Oct 28 10:45:36 simplesamlphp DEBUG [f22b81f502] Template: Reading [/home/iterate/webapps/ivi/simplesamlphp/dictionaries/errors]


Any idea ?

Thanks.

lyn...@gmail.com

Oct 29, 2015, 12:35:50 PM
to SimpleSAMLphp, peter....@univie.ac.at
Hello,

With SAML tracer I can see that I have a GET request with an error 500. Any idea what could be the cause ?

Before the GET request I have a POST request. Is this normal ?

I'm using https with a self signed certificate. Could misconfigured https be causing this issue ?

SAML Tracer:

GET https://ivi.iterate.webfactional.com/simplesamlphp/www/module.php/drupalauth/resume.php?State=_df29579d8d68f54ddfe782e70248cfd8c22cbc7e41%3Ahttps%3A%2F%2Fivi.iterate.webfactional.com%2Fsimplesamlphp%2Fwww%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Ddrupal-userpass%26ReturnTo%3Dhttps%253A%252F%252Fivi.iterate.webfactional.com%252Fsimplesamlphp%252Fwww%252Fmodule.php%252Fcore%252Fauthenticate.php%253Fas%253Ddrupal-userpass HTTP/1.1
Host: ivi.iterate.webfactional.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://ivi.iterate.webfactional.com/user/login?ReturnTo=https%3A%2F%2Fivi.iterate.webfactional.com%2Fsimplesamlphp%2Fwww%2Fmodule.php%2Fdrupalauth%2Fresume.php%3FState%3D_df29579d8d68f54ddfe782e70248cfd8c22cbc7e41%253Ahttps%253A%252F%252Fivi.iterate.webfactional.com%252Fsimplesamlphp%252Fwww%252Fmodule.php%252Fcore%252Fas_login.php%253FAuthId%253Ddrupal-userpass%2526ReturnTo%253Dhttps%25253A%25252F%25252Fivi.iterate.webfactional.com%25252Fsimplesamlphp%25252Fwww%25252Fmodule.php%25252Fcore%25252Fauthenticate.php%25253Fas%25253Ddrupal-userpass
Cookie: SimpleSAMLSessionID=2bc52fcd80f365a4564b43d36cb546bb; has_js=1; __utma=20340192.1417364298.1446135992.1446135992.1446135992.1; __utmb=20340192.1.10.1446135992; __utmc=20340192; __utmz=20340192.1446135992.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; SSESS5d653a5115d3cd33b976f3ed5107c366=J0snN7YGoKZduj98UbGcpuDeuYf3OSHRGFwcmCR4suI

HTTP/?.? 500 Internal Server Error
Server: nginx
Date: Thu, 29 Oct 2015 16:26:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Etag: "1446136003"
X-Frame-Options: SAMEORIGIN
Last-Modified: Thu, 29 Oct 2015 16:26:43 GMT


Any ideas ?

Thanks

Peter Schober

Oct 29, 2015, 1:34:24 PM
to SimpleSAMLphp
* lyn...@gmail.com <lyn...@gmail.com> [2015-10-29 17:35]:
> With SAML tracer I can see that I have a GET request with an error 500. Any
> idea what could be the cause ?

HTTP 500 Internal Server Error means just that.
Check your web server (Nginx, it seems) logs for errors.

> Before the GET request I have a POST request. Is this normal ?

To the same server: certainly (e.g. first POST'ing the SAML response to
the ACS URL, then GET'ing the desired resource).
To the exact same resource: Not in SAML, at least.

> I'm using https with a self signed certificate. Could misconfigured https
> be causing this issue ?

Any kind of fatal server misconfiguration could cause an HTTP 500.
Using (any kind, including self-signed) certs correctly will not lead
to this.
-peter

lyn...@gmail.com

Oct 30, 2015, 2:05:05 PM
to SimpleSAMLphp, peter....@univie.ac.at
Actually I found that because I'm using https I have to change line 141 in drupalauth4ssp.

Thanks to https://code.google.com/p/drupalauth/issues/detail?id=12 :

1. Configure drupalauth + drupalauth4ssp
2. In simplesaml config.php file, set up baseurlpath to any valid URL (http://...

Logins do not work, because the cookie path that drupal module is trying to set will equal to /http://.. as per following code:

  // get the baseurlpath
  $config['baseurlpath'] = '/' . $sspConfig->getValue('baseurlpath');


I'm just wondering if there are any consequences.

Anyway, it's solved. Thanks

Peter Schober

Oct 31, 2015, 1:19:00 PM
to SimpleSAMLphp
* lyn...@gmail.com <lyn...@gmail.com> [2015-10-30 19:05]:
> Logins do not work, because the cookie path that drupal module is
> trying to set will equal to /http://.. as per following code:

Years ago SimpleSAMLphp only expected/accepted the REQUEST_URI part as
baseurlpath, later you could optionally also provide schema, hostname
and port. Seems that code never was updated to work with less ancient
SimpleSAMLphp releases.
-peter
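
The baseurlpath problem discussed in this thread, as an added example that is not part of any post here and is not code from drupalauth4ssp or SimpleSAMLphp. It compares the quoted `'/' . baseurlpath` concatenation with a derivation that accepts both the legacy path form and the full-URL form, and checks each result against the request path of the failing GET using the RFC 6265 path-match rule. The function names and the `idp.example.org` sample value are hypothetical.

```php
<?php
// Added example: not code from drupalauth4ssp or SimpleSAMLphp.
// Function names and the sample baseurlpath values are hypothetical.

/** Cookie path for a baseurlpath given as a bare path or as a full URL. */
function cookiePathFromBaseUrlPath(string $baseurlpath): string
{
    $path = $baseurlpath;
    if (preg_match('#^https?://#i', $baseurlpath)) {
        // Full URL form: only the path component belongs in a cookie Path.
        $parsed = parse_url($baseurlpath, PHP_URL_PATH);
        $path = is_string($parsed) ? $parsed : '';
    }
    $path = trim($path, '/');
    return $path === '' ? '/' : '/' . $path . '/';
}

/** RFC 6265 section 5.1.4 path-match: would a browser send the cookie? */
function cookiePathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    return substr($cookiePath, -1) === '/'
        || $requestPath[strlen($cookiePath)] === '/';
}

// Request path of the failing GET shown in the SAML Tracer output above.
$requestPath = '/simplesamlphp/www/module.php/drupalauth/resume.php';

// Constructed baseurlpath values: legacy path form and full-URL form.
$samples = ['simplesamlphp/www/', 'https://idp.example.org/simplesamlphp/www/'];

foreach ($samples as $baseurlpath) {
    $naive = '/' . $baseurlpath;   // the concatenation quoted in the thread
    $fixed = cookiePathFromBaseUrlPath($baseurlpath);
    printf(
        "%s\n  naive: %-45s sent=%s\n  fixed: %-45s sent=%s\n",
        $baseurlpath,
        $naive, var_export(cookiePathMatches($requestPath, $naive), true),
        $fixed, var_export(cookiePathMatches($requestPath, $fixed), true)
    );
}
```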