DataShades / ckanext-saml2

SAML2 Authentication extension for CKAN

ValueError: One of 'secret' or 'secretfile' must not be None. #96

Closed paulkilla closed 6 years ago

paulkilla commented 6 years ago

Following the README I have the pem files, along with idp.xml file.

Running the command: /usr/lib/ckan/default/bin/python /usr/lib/ckan/default/src/pysaml2/tools/make_metadata.py /usr/lib/ckan/default/src/ckanext-saml2/ckanext/saml2/config/sp_config.py > sp.xml

Produces the file, but in the README it mentions copying ckanext/saml2/config/who.ini to /etc/ckan/who.ini (or in my case /etc/ckan/default/who.ini)

There is no who.ini, only a who.ini.sample. Upon copying that and restarting httpd, loading the page I get:

[Wed Apr 11 16:18:59.881312 2018] [:error] [pid 1522] [remote 10.13.1.1:0] mod_wsgi (pid=1522): Target WSGI script '/etc/ckan/default/apache.wsgi' cannot be loaded as Python module.
[Wed Apr 11 16:18:59.881387 2018] [:error] [pid 1522] [remote 10.13.1.1:0] mod_wsgi (pid=1522): Exception occurred processing WSGI script '/etc/ckan/default/apache.wsgi'.
[Wed Apr 11 16:18:59.881415 2018] [:error] [pid 1522] [remote 10.13.1.1:0] Traceback (most recent call last):
[Wed Apr 11 16:18:59.881434 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/etc/ckan/default/apache.wsgi", line 9, in <module>
[Wed Apr 11 16:18:59.881459 2018] [:error] [pid 1522] [remote 10.13.1.1:0] application = loadapp('config:%s' % config_filepath)
[Wed Apr 11 16:18:59.881478 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
[Wed Apr 11 16:18:59.881498 2018] [:error] [pid 1522] [remote 10.13.1.1:0] return loadobj(APP, uri, name=name, **kw)
[Wed Apr 11 16:18:59.881506 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
[Wed Apr 11 16:18:59.881538 2018] [:error] [pid 1522] [remote 10.13.1.1:0] return context.create()
[Wed Apr 11 16:18:59.881564 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
[Wed Apr 11 16:18:59.881576 2018] [:error] [pid 1522] [remote 10.13.1.1:0] return self.object_type.invoke(self)
[Wed Apr 11 16:18:59.881582 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 146, in invoke
[Wed Apr 11 16:18:59.881610 2018] [:error] [pid 1522] [remote 10.13.1.1:0] return fix_call(context.object, context.global_conf, **context.local_conf)
[Wed Apr 11 16:18:59.881617 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/util.py", line 55, in fix_call
[Wed Apr 11 16:18:59.881628 2018] [:error] [pid 1522] [remote 10.13.1.1:0] val = callable(*args, **kw)
[Wed Apr 11 16:18:59.881635 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/__init__.py", line 49, in make_app
[Wed Apr 11 16:18:59.881647 2018] [:error] [pid 1522] [remote 10.13.1.1:0] app_conf)
[Wed Apr 11 16:18:59.881653 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/pylons_app.py", line 121, in make_pylons_stack
[Wed Apr 11 16:18:59.881755 2018] [:error] [pid 1522] [remote 10.13.1.1:0] who_parser.parse(open(app_conf['who.config_file']))
[Wed Apr 11 16:18:59.881773 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/repoze/who/config.py", line 86, in parse
[Wed Apr 11 16:18:59.881909 2018] [:error] [pid 1522] [remote 10.13.1.1:0] obj = self._makePlugin(name, IPlugin, options)
[Wed Apr 11 16:18:59.881922 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/repoze/who/config.py", line 42, in _makePlugin
[Wed Apr 11 16:18:59.881937 2018] [:error] [pid 1522] [remote 10.13.1.1:0] obj = obj(**options)
[Wed Apr 11 16:18:59.881943 2018] [:error] [pid 1522] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/repoze/who/plugins/auth_tkt.py", line 234, in make_plugin
[Wed Apr 11 16:18:59.882088 2018] [:error] [pid 1522] [remote 10.13.1.1:0] raise ValueError("One of 'secret' or 'secretfile' must not be None.")
[Wed Apr 11 16:18:59.882144 2018] [:error] [pid 1522] [remote 10.13.1.1:0] ValueError: One of 'secret' or 'secretfile' must not be None.

If I add a secret = randomvalue into who.ini in /etc/ckan/default/who.ini (not sure if this is what I'm supposed to do), I then get this error:

[Wed Apr 11 16:24:01.161508 2018] [:error] [pid 2006] [remote 10.13.1.1:0] mod_wsgi (pid=2006): Target WSGI script '/etc/ckan/default/apache.wsgi' cannot be loaded as Python module.
[Wed Apr 11 16:24:01.161588 2018] [:error] [pid 2006] [remote 10.13.1.1:0] mod_wsgi (pid=2006): Exception occurred processing WSGI script '/etc/ckan/default/apache.wsgi'.
[Wed Apr 11 16:24:01.161628 2018] [:error] [pid 2006] [remote 10.13.1.1:0] Traceback (most recent call last):
[Wed Apr 11 16:24:01.161647 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/etc/ckan/default/apache.wsgi", line 9, in <module>
[Wed Apr 11 16:24:01.161674 2018] [:error] [pid 2006] [remote 10.13.1.1:0] application = loadapp('config:%s' % config_filepath)
[Wed Apr 11 16:24:01.161698 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 247, in loadapp
[Wed Apr 11 16:24:01.161714 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return loadobj(APP, uri, name=name, **kw)
[Wed Apr 11 16:24:01.161726 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 272, in loadobj
[Wed Apr 11 16:24:01.161737 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return context.create()
[Wed Apr 11 16:24:01.161748 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 710, in create
[Wed Apr 11 16:24:01.161758 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return self.object_type.invoke(self)
[Wed Apr 11 16:24:01.161768 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/loadwsgi.py", line 146, in invoke
[Wed Apr 11 16:24:01.161779 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return fix_call(context.object, context.global_conf, **context.local_conf)
[Wed Apr 11 16:24:01.161814 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/paste/deploy/util.py", line 55, in fix_call
[Wed Apr 11 16:24:01.161826 2018] [:error] [pid 2006] [remote 10.13.1.1:0] val = callable(*args, **kw)
[Wed Apr 11 16:24:01.161837 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/__init__.py", line 49, in make_app
[Wed Apr 11 16:24:01.161849 2018] [:error] [pid 2006] [remote 10.13.1.1:0] app_conf)
[Wed Apr 11 16:24:01.161859 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/ckan/ckan/config/middleware/pylons_app.py", line 121, in make_pylons_stack
[Wed Apr 11 16:24:01.161976 2018] [:error] [pid 2006] [remote 10.13.1.1:0] who_parser.parse(open(app_conf['who.config_file']))
[Wed Apr 11 16:24:01.162009 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/repoze/who/config.py", line 86, in parse
[Wed Apr 11 16:24:01.162098 2018] [:error] [pid 2006] [remote 10.13.1.1:0] obj = self._makePlugin(name, IPlugin, options)
[Wed Apr 11 16:24:01.162126 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/lib/python2.7/site-packages/repoze/who/config.py", line 42, in _makePlugin
[Wed Apr 11 16:24:01.162141 2018] [:error] [pid 2006] [remote 10.13.1.1:0] obj = obj(**options)
[Wed Apr 11 16:24:01.162151 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/pysaml2/src/saml2/s2repoze/plugins/sp.py", line 663, in make_plugin
[Wed Apr 11 16:24:01.162329 2018] [:error] [pid 2006] [remote 10.13.1.1:0] virtual_organization=virtual_organization)
[Wed Apr 11 16:24:01.162344 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/pysaml2/src/saml2/client_base.py", line 102, in __init__
[Wed Apr 11 16:24:01.162553 2018] [:error] [pid 2006] [remote 10.13.1.1:0] self.users = Population(identity_cache)
[Wed Apr 11 16:24:01.162564 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/pysaml2/src/saml2/population.py", line 12, in __init__
[Wed Apr 11 16:24:01.162650 2018] [:error] [pid 2006] [remote 10.13.1.1:0] self.cache = Cache(cache)
[Wed Apr 11 16:24:01.162673 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib/ckan/default/src/pysaml2/src/saml2/cache.py", line 26, in __init__
[Wed Apr 11 16:24:01.162731 2018] [:error] [pid 2006] [remote 10.13.1.1:0] self._db = shelve.open(filename, writeback=True, protocol=2)
[Wed Apr 11 16:24:01.162740 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib64/python2.7/shelve.py", line 239, in open
[Wed Apr 11 16:24:01.162817 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return DbfilenameShelf(filename, flag, protocol, writeback)
[Wed Apr 11 16:24:01.162827 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib64/python2.7/shelve.py", line 223, in __init__
[Wed Apr 11 16:24:01.162840 2018] [:error] [pid 2006] [remote 10.13.1.1:0] Shelf.__init__(self, anydbm.open(filename, flag), protocol, writeback)
[Wed Apr 11 16:24:01.162847 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib64/python2.7/anydbm.py", line 85, in open
[Wed Apr 11 16:24:01.162894 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return mod.open(file, flag, mode)
[Wed Apr 11 16:24:01.162904 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib64/python2.7/dbhash.py", line 18, in open
[Wed Apr 11 16:24:01.162941 2018] [:error] [pid 2006] [remote 10.13.1.1:0] return bsddb.hashopen(file, flag, mode)
[Wed Apr 11 16:24:01.162949 2018] [:error] [pid 2006] [remote 10.13.1.1:0] File "/usr/lib64/python2.7/bsddb/__init__.py", line 364, in hashopen
[Wed Apr 11 16:24:01.163193 2018] [:error] [pid 2006] [remote 10.13.1.1:0] d.open(file, db.DB_HASH, flags, mode)
[Wed Apr 11 16:24:01.163221 2018] [:error] [pid 2006] [remote 10.13.1.1:0] DBNoSuchFileError: (2, 'No such file or directory')

Any assistance would be greatly appreciated.

paulkilla commented 6 years ago

So I've done a fresh install, and along with that upon copying the who.ini.sample I had to refactor the following.

< use = repoze.who.plugins.auth_tkt:make_plugin

use = ckan.lib.auth_tkt:make_plugin

Now I get the DBNoSuchFileError as above.

paulkilla commented 6 years ago

I'm going to close this issue, as commenting out the sid_store and identity_cache seems to fix it (uses in memory?)

amercader commented 5 years ago

In case someone stumbles on this thread, to fix the DBNoSuchFileError you just need to create the /tmp/default folder (and make sure the owner is the user running CKAN, e.g. www-data). Or just change the values of sid_store and identity_cache in who.ini to writable folders.

dyaw-Drexel commented 4 years ago

I'm having the same issue... what can be done to fix this? I tried what op suggested and it did not change anything...

mkuder commented 1 year ago

> I'm having the same issue... what can be done to fix this? I tried what op suggested and it did not change anything...

I know I'm posting in an old thread and repo, but after wasting almost a day debugging this issue I am putting another solution here, if it will help anyone in the future.

For some reason (probably something in system db libraries) creating the /tmp/default folder as suggested (with various variants of permissions) did not help. In my case everything worked after moving the sp_sid_store and sp_identity_cache from inside the /tmp/default folder directly to /tmp, so:

sid_store = /tmp/sp_sid_store
identity_cache = /tmp/sp_identity_cache

with both directories created at 755 permissions and the apache user as the owner. If the directories were under the /tmp/default subfolder it didn't work (raised the DBNoSuchFileError) even if the two directories and their parent had sufficient permissions.

Note also that commenting out the cache configuration altogether helped with the login procedure, but caused KeyError problems at logout due to missing cache values.
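
A preflight check for the fixes suggested in this thread, as an added example (not code from ckanext-saml2, pysaml2 or any commenter): it reads sid_store and identity_cache from who.ini text and reports a missing or unwritable parent directory, the condition the "create the /tmp/default folder" fix addresses. It also flags a parent directory that other users can write to, because the traceback shows the cache being opened with shelve, which stores pickled data. Assumptions: Python 3, run as the account that runs CKAN; the [plugin:saml2auth] section name and all function names are illustrative.

```python
import configparser
import os
import stat

CACHE_KEYS = ("sid_store", "identity_cache")

# Constructed sample: the section name is an assumption; the paths are the
# /tmp/default locations discussed in this thread.
SAMPLE_WHO_INI = """\
[plugin:saml2auth]
sid_store = /tmp/default/sp_sid_store
identity_cache = /tmp/default/sp_identity_cache
"""

def cache_paths(who_ini_text):
    """Return {setting: path} for each cache setting found in any section."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(who_ini_text)
    found = {}
    for section in parser.sections():
        for key in CACHE_KEYS:
            if parser.has_option(section, key):
                found[key] = parser.get(section, key).strip()
    return found

def check_parent(path):
    """List problems with the directory that must hold the shelve file."""
    parent = os.path.dirname(os.path.abspath(path))
    if not os.path.isdir(parent):
        return ["%s: parent directory %s does not exist" % (path, parent)]
    problems = []
    # The dbm backend creates the file itself, so the directory needs w+x.
    if not os.access(parent, os.W_OK | os.X_OK):
        problems.append("%s: uid %d cannot write to %s" % (path, os.getuid(), parent))
    # shelve is pickle-backed, so only the CKAN user should be able to write here.
    if os.stat(parent).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s: %s is writable by other users" % (path, parent))
    return problems

def preflight(who_ini_text):
    """Run every check; an empty list means the cache locations look sane."""
    problems = []
    for _key, path in sorted(cache_paths(who_ini_text).items()):
        problems.extend(check_parent(path))
    return problems

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_WHO_INI)) or "ok")
```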