Redirect message and State information lost error

[phuh...@gmail.com]

Hello,

I'm using SimpleSAMLphp (1.12.0) as SP to communicate with a ADFS server as IdP.

I have a test file at https://mysp.abc.com/test/test.php. When I access this file by normal mode of IE 11, Firefox or Chrome, most of the time it shows a blank page, sometimes it shows a redirect message. If I use InPrivate/Incognito mode of IE, Firefox, Chrome, i got the redirect message constantly:

Redirect

You were redirected to: https://myidp.abc.com/adfs/ls/?SAMLRequest=pVLLT...&RelayState=https%3A%2F%2Fmysp.abc.com%2Ftest%2Ftest.php

I click on the link and it show me the log in page. After input my username and password, the web browser returns to https://mysp.abc.com/simplesaml/module.php/saml/sp/saml2-acs.php/my_sp

with error message:

State information lost

State information lost, and no way to restart the request

Debug information

The debug information below may be of interest to the administrator / help desk:

SimpleSAML_Error_NoState: NOSTATE

Backtrace:

2 /install_path/simplesamlphp/lib/SimpleSAML/Auth/State.php:226 (SimpleSAML_Auth_State::loadState)

1 /install_path/simplesamlphp/modules/saml/www/sp/saml2-acs.php:63 (require)

0 /install_path/simplesamlphp/www/module.php:135 (N/A)

At this point if I go to https://mysp.abc.com/test/test.php again, it shows a redirect message, clicking on that link and it will show the SAML response (and "Hello").

If I use function "Test configured authentication sources" in Authentication tab, everything is fine: go to login page directly, input username and password, and get the attributes.

Hence, my questions are:

- What caused my test.php page does not work stable? (it shows bank page or sometimes show a redirect message)

- How can I make the test page test.php redirect to login page automatically?

- How to solve the NOSTATE error?

I configured files as follow:

- file testing test.php

<?php

require_once('../simplesaml/../lib/_autoload.php');

$as = new SimpleSAML_Auth_Simple('my_sp');

$as->requireAuth();

$attributes = $as->getAttributes();

print_r($attributes);

echo "Hello";

?>

- file authsources.php

'my_sp' => array( 

'saml:SP', 

'idp' => 'my_idp',

'privatekey' => 'mypem.pem', 

'certificate' => 'mycrt.crt',

),

- file config.php

'trusted.url.domains' => array('myidp.abc.com', 'mysp.abc.com'),

'session.cookie.domain' => NULL,    // default value, I tried 'session.cookie.domain' => '.abc.com', but it does not work.

- file saml20-idp-remore.php

$metadata['my_idp'] = array (

  'entityid' => 'my_idp',

  'contacts' => 

  array (

    0 => 

    array (

      'contactType' => 'support',

    ),

  ),

  'metadata-set' => 'saml20-idp-remote',

  'SingleSignOnService' => 

  array (

    0 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

    1 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

  ),

  'SingleLogoutService' => 

  array (

    0 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

    1 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

  ),

  'ArtifactResolutionService' => 

  array (

    0 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',

      'Location' => 'https://myidp.abc.com/adfs/services/trust/artifactresolution',

      'index' => 0,

    ),

  ),

  'keys' => 

  array (

    0 => 

    array (

      'encryption' => true,

      'signing' => false,

      'type' => 'X509Certificate',

      'X509Certificate' => 'MIIExjC...',

    ),

    1 => 

    array (

      'encryption' => false,

      'signing' => true,

      'type' => 'X509Certificate',

      'X509Certificate' => 'MIIGzjC...',

    ),

  ),

);

- file saml20-sp-remote.php

$metadata['my_idp'] = array (

  'entityid' => 'my_idp',

  'contacts' => 

  array (

    0 => 

    array (

      'contactType' => 'support',

    ),

  ),

  'metadata-set' => 'saml20-sp-remote',

  'AssertionConsumerService' => 

  array (

    0 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

      'index' => 0,

      'isDefault' => true,

    ),

    1 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

      'index' => 1,

    ),

    2 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

      'index' => 2,

    ),

  ),

  'SingleLogoutService' => 

  array (

    0 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

    1 => 

    array (

      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',

      'Location' => 'https://myidp.abc.com/adfs/ls/',

    ),

  ),

  'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',

  'keys' => 

  array (

    0 => 

    array (

      'encryption' => true,

      'signing' => false,

      'type' => 'X509Certificate',

      'X509Certificate' => 'MIIE...',

    ),

    1 => 

    array (

      'encryption' => false,

      'signing' => true,

      'type' => 'X509Certificate',

      'X509Certificate' => 'MIIG...',

    ),

  ),

  'saml20.sign.assertion' => true,

);

And as you can see, both IdP and SP use https, IdP is a Windows server, and SP is a Linux server.

Thanks in advance,

Kind regards,

Henry.

[tm...@medhub.com]

I am running into the exact same issue (State Information Lost error when using SimpleSAMLphp with an ADFS IdP).  It looks like this was originally posted about 2 months ago.  Were you able to fix the problem?  If so, please provide a description of the fix.

Thanks,

Tom

[phuh...@gmail.com]

Hi,

For my case, I checked log file on (SP) server and found that an error message "Cannot modify header information - headers already sent" comes along with SimpleSAML_Error_NoState: NOSTATE. The cause is at file test.php. How to solve it:

- The first line must be like this: <?php require_once('../simplesaml/../lib/_autoload.php'); (no space before <?php, one space between <?php and require_once )

- Save file in mode "UTF-8 without BOM": In Notepad++, (write some dump chars and then delete it, please don't use Ctrl+Z) at menu Encoding -> Encode in UTF-8 without BOM -> Save.

It works for me. 3 problems are solved at the same time.

Ref links:

http://wordpress.org/support/topic/unable-to-log-in-cookies-are-blocked-due-to-unexpected-output

http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php  

So, forget Beautiful Code, Safety First! :)

Like other victims of this error, I spent too much time for it. :|

Hope this help for you.

Kind regards,