aacotroneo / laravel-saml2

A Laravel 5 package for Saml2 integration as a SP (service provider) based on the simple OneLogin toolkit
MIT License

Reference validation failed Redirecting to https://... #264

Open msslgomez opened 11 months ago

msslgomez commented 11 months ago

Today we started getting this error out of the blue and can no longer log into our systems. I have no idea what could be happening and need help.

This is what we see after attempting to login, it just reloads that over and over. Reference validation failed Redirecting to https://...

In the logs I also get these errors:

local.ERROR: Saml2 error_detail {"error":"Reference validation failed"} 
local.ERROR: Saml2 error {"error":["invalid_response"],"last_error_reason":"Reference validation failed"} 

This is the package info "aacotroneo/laravel-saml2": "^2.1",

I'm using Laravel 9. The super weird thing is that this has been working with no problems for over 6 months, but today, randomly and without any changes in our code, it stopped working.

I didn't set this up, so I'm very unfamiliar with how this works and what to do. Any help in figuring out what is happening and how to fix it would be greatly appreciated. I'm desperate at this point.

SanderMuller commented 11 months ago

We are also getting this issue since about the same time. It still worked on my machine when running OpenSSL 1.1 and PHP 8.2.3, but stopped working when I upgraded my packages (OpenSSL 3, PHP 8.2.5).

I haven't found a fix yet.

msslgomez commented 11 months ago

@SanderMuller We managed to get around it by disabling the encryption in one of the config files; I think it was 'encrypt_assertion' that we set to false. We didn't even update any of our packages, so I'm not really sure why ours started failing.

Treggats commented 11 months ago

@msslgomez it's indeed the encrypt_assertion option. That's currently our workaround, so that the tests are passing again. But we're still looking for an actual fix.

// Encrypt requests and responses
'encrypt_assertion' => env('APP_ENV') !== 'testing',

msslgomez commented 11 months ago

@Treggats Ours only works as:

'encrypt_assertion' => false

Treggats commented 11 months ago

@msslgomez We are only experiencing problems with our test suite, so the above snippet sets it to false while the tests are running. It does not affect the production environment.

msslgomez commented 11 months ago

@Treggats Our case was backwards: it only affected production. We couldn't even reproduce the error, not that we wanted to.

SanderMuller commented 11 months ago

@Treggats Our case was backwards: it only affected production. We couldn't even reproduce the error, not that we wanted to.

I didn't have it locally until I updated my PHP and OpenSSL.

Navi2016 commented 9 months ago

Could be related to this issue: https://github.com/robrichards/xmlseclibs/issues/257

Happened after upgrading to PHP 8.2.8 from 8.2.7.

For me it also works in 8.2.8 when setting 'encrypt_assertion' => false in the idp config.

Both my PHP 8.2.7 and 8.2.8 are using OpenSSL 3.0.8 (7 Feb 2023), so I don't think it's in OpenSSL. It also happens on another server running PHP >= 8.2.8 and OpenSSL 1.1.1k FIPS (25 Mar 2021). (Fine on 8.2.7.)