SAML-Toolkits / wordpress-saml

OneLogin SAML plugin for Wordpress
MIT License

Getting fatal error when going to /wp-login.php?saml_acs #74

Closed deroy-tronc closed 4 years ago

deroy-tronc commented 5 years ago

When trying to access the saml login, /wp-login.php?saml_acs, I keep getting a HTTP 500 error. When coming from ADFS, I am able to login to the site but when trying to login via WordPress and saml, I cannot due to the error.

I am providing the error log below. Any help is greatly appreciated.

Error Log:

PHP Fatal error: Uncaught Exception: Failure Signing Data: - 1 in /wp-content/plugins/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityKey.php:500
Stack trace:
#0 /wp-content/plugins/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityKey.php(580): RobRichards\XMLSecLibs\XMLSecurityKey->signOpenSSL('SAMLRequest=hZJ...')
#1 /wp-content/plugins/onelogin-saml-sso/php/lib/Saml2/Auth.php(722): RobRichards\XMLSecLibs\XMLSecurityKey->signData('SAMLRequest=hZJ...')
#2 /wp-content/plugins/onelogin-saml-sso/php/lib/Saml2/Auth.php(659): OneLogin\Saml2\Auth->buildMessageSignature('hZJbj9owEIXf+RU...', 'https://trbnnew...', 'http://www.w3.o...', 'SAMLRequest')
#3 /wp-content/plugins/onelogin-saml-sso/php/lib/Saml2/Auth.php(546): OneLogin\Saml2\Auth->buildRequestSignature('hZJbj9owEIXf+RU...', 'https://trbnnew...', 'http://www.w3.o...')
#4/wp-content/plugins in /wp-content/plugins/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityKey.php on line 500

donovandb commented 5 years ago

I don't use ADFS, but it looks like a certificate problem. Maybe re/copy your x.509 cert to the 'X.509 Certificate' field in the oneLogin settings?

https://support.solarwinds.com/SuccessCenter/s/article/Export-import-and-upload-the-token-signing-certificate see: 'Export the token-signing certificate from the AD FS server'

deroy-tronc commented 5 years ago

@donovandb Thanks for your response. I have again generated a new certificate and updated OneLogin with the new certificate. But it is still giving the same error.

I am using WPEngine hosting.

pitbulk commented 5 years ago

/wp-login.php?saml_acs is the ACS endpoint where WordPress expects a POST SAMLResponse parameter. If you directly visit that URL with a GET, the saml plugin will raise a 500.

It seems you are getting a 500 from the 3rd-party library used by the extension, xmlseclibs.

The privateKey/public cert you placed for the SP on the advanced settings seems wrong.

deroy-tronc commented 5 years ago

@pitbulk Sorry, there is a mistake in my question. Actually I am trying to visit wp-login.php?saml_sso, not /wp-login.php?saml_acs.

On the WordPress login page, when I click on the "SAML Login" button it takes me to wp-login.php?saml_sso, and there I am getting the 500 error.

When coming from ADFS, I am able to login to the site.

I am following this tutorial to set up the plugin: https://www.folio3.com/blog/wordpress-sso-how-to-integrate-saml-2-0-with-adfs-3-0/

dwieyoko commented 5 years ago

Hello, I have a problem with the SSO. When I tried to log in with SAML, I got an error with a message like this:

A SAML error has occurred. The following error occurred: The SAML message cannot be built. Please contact your local help desk for assistance. When calling for assistance, we kindly ask you to provide your User ID and the error description. If you want to try again, you can close this screen and reopen the web page.

_/sps/AD_Europe_SaaSIDP/saml20/login

2019-04-29T08:29:00Z

Error details FBTSML218E The specifications for the SAML2.AssertionConsumerService endpoint are not valid.

Can anyone help me with what I should do to solve the error? Maybe @donovandb or @pitbulk. Thanks.

pitbulk commented 5 years ago

That path "/sps/AD_Europe_SaaS_IDP/saml20/login" does not belong to WP or the SAML extension, so I am not sure how we can help you.

pitbulk commented 5 years ago

@deroy-tronc

PHP Fatal error: Uncaught Exception: Failure Signing Data: - 1 in /wp-content/plugins/onelogin-saml-sso/php/extlib/xmlseclibs/src/XMLSecurityKey.php:500

        if (! openssl_sign($data, $signature, $this->key, $algo)) {
            throw new Exception('Failure Signing Data: ' . openssl_error_string() . ' - ' . $algo);
        }

The extension was not able to sign the AuthNRequest, possible reasons:
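The exception above is thrown when openssl_sign() returns false; the trailing "1" in "Failure Signing Data: - 1" is the integer value of the $algo constant (OPENSSL_ALGO_SHA1 === 1) and the empty text before it means OpenSSL had no error queued, which is typical when the key object itself is unusable. The following is an added check (not plugin or xmlseclibs code) that an administrator can run against the SP private key and x509 certificate pasted into the advanced settings, reproducing the same sign operation and reporting why it would fail; the file paths are placeholders.

```php
<?php
// Added example: sanity-check the SP signing material before the plugin uses it.
// Mirrors what xmlseclibs does (openssl_sign on the SP private key) and adds the
// checks it skips: does the key parse, does it match the cert, does it round-trip.
function checkSpSigningMaterial(string $privateKeyPem, string $certPem, int $algo = OPENSSL_ALGO_SHA1): array
{
    $problems = [];

    $key = openssl_pkey_get_private($privateKeyPem);
    if ($key === false) {
        $problems[] = 'SP private key does not parse: ' . (openssl_error_string() ?: 'no OpenSSL detail');
    }

    $cert = openssl_x509_read($certPem);
    if ($cert === false) {
        $problems[] = 'SP x509 certificate does not parse: ' . (openssl_error_string() ?: 'no OpenSSL detail');
    }

    if ($key !== false && $cert !== false) {
        // The certificate's public key must belong to the configured private key
        if (!openssl_x509_check_private_key($cert, $key)) {
            $problems[] = 'certificate public key does not match the private key';
        }

        // Same call xmlseclibs makes; a false here is exactly "Failure Signing Data"
        $data = 'SAMLRequest=constructed-sample-payload'; // constructed sample, not a real request
        $signature = '';
        if (!openssl_sign($data, $signature, $key, $algo)) {
            $problems[] = 'openssl_sign failed: ' . (openssl_error_string() ?: 'no OpenSSL detail') . ' - ' . $algo;
        } elseif (openssl_verify($data, $signature, $cert, $algo) !== 1) {
            $problems[] = 'signature does not verify against the certificate';
        }
    }

    return $problems;
}

// Placeholder paths: point these at the PEM blobs configured in the plugin's advanced settings.
$problems = checkSpSigningMaterial(
    file_get_contents('sp.key'),
    file_get_contents('sp.crt')
);
echo $problems ? implode(PHP_EOL, $problems) . PHP_EOL : 'SP signing material OK' . PHP_EOL;
```

Pass OPENSSL_ALGO_SHA256 as the third argument to test the configuration the plugin uses when its signature algorithm is set to RSA-SHA256.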

dwieyoko commented 5 years ago

@pitbulk this is the full URL https://euidp-acc.aholddelhaize.com/isam/sps/AD_Europe_SaaS_IDP/saml20/login

It's set as IdP Entity Id and Single Sign On Service Url

pitbulk commented 5 years ago
  1. This Issue section is to solve error/bugs of the WP SAML extension. If the error happens on other system, how can I help you?
  2. This specific Issue 74 was opened by @deroy-tronc; if your issue is not related, why post a different issue here?
  3. https://euidp-acc.aholddelhaize.com is using IBM Security Access Manager that is raising the error, you may contact its admins to solve the issue.