derricksmith / phpsaml

GLPI Plugin - SAML integration using the Onelogin SAML Library
MIT License

Redirect displays blank page http://localhost/glpi/plugins/phpsaml/front/acs.php #100

Open seckka212 opened 2 years ago

seckka212 commented 2 years ago

Hi, I have GLPI 9.5.7 and phpsaml plugin 1.1.0. After configuration of SP and IDP, authentication works very well, but I am always redirected to this link http://localhost/glpi/plugins/phpsaml/front/acs.php and a blank page appears. How can I solve this issue please? Regards

DonutsNL commented 2 years ago

Hi Seckka,

The IDP should redirect you to the given url after authentication. The acs evaluates the response from the idp and performs another redirect. A blank page might indicate a php execution problem.

This might well be caused by the older GLPI version. On that, the authors of GLPI recommend updating to the latest version 10.0.2 if you can. Also see: https://github.com/glpi-project/glpi/releases/

In either case please do pull the latest phpsaml version from this repository and update.

If the issue still exists please collect and share relevant entries from your php error log. This will help understand what is going wrong.

rgrds,

Ketchup31 commented 2 years ago

Hello, I have the same behavior: once I have authenticated, I get a blank screen. At IDP level the logs seem correct and authentication is successful. I have to say that as I cannot set up the phpSAML settings via the GUI, I inserted them via SQL statements as explained in #101. Would it be the root cause of my issue? Any idea would be welcome. Thank you.

GLPI version: 10.0.02
PHPSAML version: 1.2.1
PHP version: PHP 7.4.28 (cli) (built: Feb 17 2022 16:17:19) ( NTS )

In the php-errors.log file I have the following error messages:

2022-08-10 02:06:19 [@glpi-server]
No private key available, check settings
[2022-08-10 02:06:19] glpiphplog.CRITICAL:   *** Uncaught Exception Twig\Error\LoaderError: The "../../../templates" directory does not exist ("/var/www/html/glpi/../../../templates"). in /var/www/html/glpi/vendor/twig/twig/src/Loader/FilesystemLoader.php at line 92
  Backtrace :
  ...or/twig/twig/src/Loader/FilesystemLoader.php:78 Twig\Loader\FilesystemLoader->addPath()
  ...or/twig/twig/src/Loader/FilesystemLoader.php:45 Twig\Loader\FilesystemLoader->setPaths()
  ...pi/src/Application/View/TemplateRenderer.php:71 Twig\Loader\FilesystemLoader->__construct()
  ...i/src/Application/View/TemplateRenderer.php:134 Glpi\Application\View\TemplateRenderer->__construct()
  /var/www/html/glpi/src/Html.php:1383               Glpi\Application\View\TemplateRenderer::getInstance()
  /var/www/html/glpi/src/Html.php:2130               Html::includeHeader()
  .../www/html/glpi/plugins/phpsaml/front/acs.php:61 Html::nullHeader()

In the phpsaml.log file:

2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.0.0 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Upgrading PHPSAML plugin to 1.0.9
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.0.9
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.1.0 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.1.0
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.1.1 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.1.1
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.1.2 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.1.2
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.1.3 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.1.3
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.2.0 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.2.0
2022-08-09 03:01:34 [2@glpi-server]
INFO -- Checking Settings and Upgrading to 1.2.1 if necessary
2022-08-09 03:01:34 [2@glpi-server]
INFO -- PHPSAML upgraded to 1.2.1

DonutsNL commented 2 years ago

Hi, thank you for sharing.

I wonder, did you replace the glpi root directory or overwrite it during glpi upgrade?

Can you verify the glpi templates are available in your instance?

Does this error also occur in a clean glpi 10 install on your environment?

Ketchup31 commented 2 years ago

Hi, thank you for your support. GLPI is in a docker container. I have not changed anything since the docker has started. When I go to the volume where GLPI stores its files, I can see the directory templates here: /var/www/html/glpi/templates. I stopped and ran a new container several times but the problem is still there.

DonutsNL commented 2 years ago

I see.

Just dove into the code a bit.

The private key exception is raised by the SAML library at response.php line 1054 during the decryptAssertion. The decryptAssertion method is called during _construct at response.php line 113.

I'm not sure why, but this exception is not caught by the $samlResponse->isValid function that we are using to validate the response. I would assume not being able to decrypt the response should result in an invalid message. But it seems that only the header is being checked, not the body of the message, at Response.php line 182. Without a captured message at this point I can only assume. If memory serves me well, encrypting only the body or the whole message is a configurable option at the IdP.

@Ketchup31 The fix obviously is to correct the private key or not use strict mode. If you want to use strict mode, make sure you provide valid server certificates, both the public and private parts, in the phpsaml configuration.

In regards to the insert: after the initial insert into the database you should be able to configure it using the GUI. Try and review the configuration there, change the debug option and save it. At least it will make sure the correct values are being passed into the database.

@derricksmith the nullheader error is possibly caused by a GLPI bug or because GLPI is run inside a container (don't have containers available here). This might need further investigation. Also we might need to wrap $samlResponse at acs.php line 34 in a try/catch to capture the error being thrown by the object at instantiation and report that with the error thrown. Not all error conditions are evaluated, it seems, by the isValid method.

Rgrds
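
The try/catch suggested in the comment above, as an added example that is not phpsaml's or the SAML library's own code: `FakeSamlResponse` is a constructed stand-in whose constructor throws the way the thread describes, and `evaluateAcsPost` is a hypothetical helper that fails closed and logs the cause instead of leaving a blank page.

```php
<?php
// Added example. FakeSamlResponse is a constructed stand-in for the SAML
// library's Response class: as described in the thread, it throws from the
// constructor when an encrypted assertion cannot be decrypted, so isValid()
// is never reached.
class FakeSamlResponse
{
    private bool $signatureOk;

    public function __construct(array $settings, string $payload)
    {
        $doc = json_decode(base64_decode($payload), true) ?: [];
        if (!empty($doc['encrypted']) && empty($settings['sp_private_key'])) {
            throw new RuntimeException('No private key available, check settings');
        }
        $this->signatureOk = !empty($doc['signed']);
    }

    public function isValid(): bool
    {
        return $this->signatureOk;
    }
}

// Hypothetical helper: returns ['ok' => bool, 'reason' => string] and never
// lets an exception from construction or validation escape to the page.
function evaluateAcsPost(array $settings, array $post): array
{
    if (empty($post['SAMLResponse']) || !is_string($post['SAMLResponse'])) {
        return ['ok' => false, 'reason' => 'missing SAMLResponse'];
    }
    try {
        $response = new FakeSamlResponse($settings, $post['SAMLResponse']);
        if (!$response->isValid()) {
            return ['ok' => false, 'reason' => 'response failed validation'];
        }
    } catch (Throwable $e) {
        // Fail closed: detail goes to the server log, the user sees a generic reason.
        error_log('SAML ACS error: ' . get_class($e) . ': ' . $e->getMessage());
        return ['ok' => false, 'reason' => 'response could not be processed'];
    }
    return ['ok' => true, 'reason' => 'valid'];
}

// Constructed sample input: an "encrypted" response, first without and then
// with an SP private key configured (placeholder value, not a real key).
$post = ['SAMLResponse' => base64_encode(json_encode(['encrypted' => true, 'signed' => true]))];
var_dump(evaluateAcsPost(['sp_private_key' => ''], $post));
var_dump(evaluateAcsPost(['sp_private_key' => 'constructed-key'], $post));
```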

Ketchup31 commented 2 years ago

@DonutsNL Thank you, it works now. I updated my settings in my IDP, and also updated my settings via the GUI. I think that it changed something in my database to have the right data expected by phpSAML.

Regards.

jviadair commented 2 years ago

Hi,

I have the same problem. I get a black screen (https://localhost/glpi/plugins/phpsaml/front/acs.php). I cannot set up the phpSAML settings via the GUI; I inserted them via SQL statements as explained in https://github.com/derricksmith/phpsaml/issues/101

GLPI version: 10.0.3
PHPSAML version: 1.2.1
PHP version: PHP 7.4.3

php-errors.log

[2022-10-03 07:40:01] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: REQUEST_URI in /var/www/html/glpi/plugins/phpsaml/setup.php at line 145
  Backtrace :
  src/Plugin.php:294                                 plugin_init_phpsaml()
  src/Plugin.php:248                                 Plugin::load()
  src/Console/Application.php:119                    Plugin->init()
  bin/console:121                                    Glpi\Console\Application->__construct()

[2022-10-03 07:40:01] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: REQUEST_URI in /var/www/html/glpi/plugins/phpsaml/setup.php at line 145
  Backtrace :
  src/Plugin.php:294                                 plugin_init_phpsaml()
  src/Plugin.php:248                                 Plugin::load()
  src/Console/Application.php:119                    Plugin->init()
  bin/console:121                                    Glpi\Console\Application->__construct()

[2022-10-03 07:40:01] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: REQUEST_URI in /var/www/html/glpi/plugins/phpsaml/setup.php at line 161
  Backtrace :
  src/Plugin.php:1491                                plugin_post_init_phpsaml()
  src/Plugin.php:251                                 Plugin::doHook()
  src/Console/Application.php:119                    Plugin->init()
  bin/console:121                                    Glpi\Console\Application->__construct()

[2022-10-03 07:40:01] glpiphplog.NOTICE:   *** PHP Notice (8): Undefined index: REQUEST_URI in /var/www/html/glpi/plugins/phpsaml/setup.php at line 161
  Backtrace :
  src/Plugin.php:1491                                plugin_post_init_phpsaml()
  src/Plugin.php:251                                 Plugin::doHook()
  src/Console/Application.php:119                    Plugin->init()
  bin/console:121                                    Glpi\Console\Application->__construct()

[2022-10-03 07:40:01] glpiphplog.WARNING: Test logger  

What am I doing wrong?

Thanks,

derricksmith commented 2 years ago

This does not appear to be the same issue @Ketchup31 has, based on your logs.

derricksmith commented 2 years ago

This error seems suspect to me. Possibly due to the variable assignment in acs.php on lines 2-6.

*** Uncaught Exception Twig\Error\LoaderError: The "../../../templates" directory does not exist ("/var/www/html/glpi/../../../templates").