drupalauth / simplesamlphp-module-drupalauth

simpleSAMLphp module that turns Drupal site into IdP(Identity Provider)
Other
24 stars 38 forks source link

Drupal simplesaml Login Problem #18

Closed GoogleCodeExporter closed 4 years ago

GoogleCodeExporter commented 9 years ago
Made 2 Drupal installations - one as parent and other one as child.

Made 2 'SimpleSAMLphp' installations - one as Identity Provider(idp) and other 
as Service Provider(sp).

In the parent Drupal 'drupalauth4ssp' module is enabled

Also, in the 'BASIC SETUP' of the parent Drupal, idp path is given in 
'Installation directory' and 'drupalauth:External' is given in 'Authentication 
source'.

The module 'drupalauth' is enabled in the idp installation.

In the child Drupal 'simplesamlphp_auth' module is enabled.

Also, in the 'BASIC SETUP' of the child Drupal, sp path is given in 
'Installation directory' and 'default-sp' is given in 'Authentication source'.

After I login into the parent drupal, when I click 'Federated Log In' to login 
in to the child drupal I getting errror page 

Unhandled exception
An unhandled exception was thrown.
If you report this error, please also report this tracking number which makes 
it possible to locate your session in the logs available to the system 
administrator: 44ecfc19f2
Debug information

The debug information below may be of interest to the administrator / help desk:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 D:\wamp\www\simplesaml\www\module.php:180 (N/A)
Caused by: SimpleSAML_Error_Exception: User not authenticated after login page.
Backtrace:
2 D:\wamp\www\simplesaml\modules\drupalauth\lib\Auth\Source\External.php:439 
(sspmod_drupalauth_Auth_Source_External::resume)
1 D:\wamp\www\simplesaml\modules\drupalauth\www\resume.php:12 (require)
0 D:\wamp\www\simplesaml\www\module.php:135 (N/A)

Original issue reported on code.google.com by antonypr...@gmail.com on 19 Jun 2014 at 10:06

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
Has there been any progress on this issue? I am able to replicate the same 
error.

Original comment by br...@inclindinc.com on 4 Feb 2015 at 8:15

GoogleCodeExporter commented 9 years ago
The most likely issue here is that you have two instances of SimpleSAMLphp 
running on the same host. Unless you have adjusted the cookie names of one of 
the SimpleSAMLphp installations this is the kind of problem you will run into. 
Edit the config.php file for one of the SimpleSAMLphp installations and modify 
the values of session.cookie.name and session.authtoken.cookiename

See if that resolves the issue.

Original comment by steve_mo...@sil.org on 4 Feb 2015 at 8:30

GoogleCodeExporter commented 9 years ago
Thanks for the quick response!  I altered the session.cookie.name and 
session.authtoken.cookiename for the IdP and I still get the same error.  Any 
other suggestions?

Original comment by br...@inclindinc.com on 4 Feb 2015 at 8:40

GoogleCodeExporter commented 9 years ago
The third adjustment I would suggest has to do with where session data is 
stored. You want each instance of SimpleSAMLphp storing it's session data in a 
different place (e.g., one using memcache, the other using sql; or each using 
sql but different databases). 

The easiest thing to do is use sqlite. Set store.type to sql and set 
store.sql.dsn                 to something like 
'sqlite:/path/to/SPsessions.sq3' and for the other instance set it to 
'sqlite:/path/to/IDPsessions.sq3'

See if that, in combination with the other change resolves your issue.

Original comment by steve_mo...@sil.org on 4 Feb 2015 at 9:27

GoogleCodeExporter commented 9 years ago
Thanks again for the response.  I am already utilizing SQL as the session data 
storage.  The two drupal instances are utilizing different databases.  I 
followed the following write up to configure the sql storage: 
https://docs.acquia.com/articles/using-simplesamlphp-acquia-cloud-site

Just a thought, I am utilizing http on both sites because these are just 
sandbox pilot sites.  I could implement a self signed certificate if that is 
proving to be the issue.

Original comment by br...@inclindinc.com on 4 Feb 2015 at 9:32

GoogleCodeExporter commented 9 years ago
If you're doing this in Acquia's DevCloud then varnish is likely the culprit. 
Using a cert, even a self-signed cert, should resolve the issue.

Original comment by steve_mo...@sil.org on 4 Feb 2015 at 9:39

GoogleCodeExporter commented 9 years ago
I have reconfigured simplesamlphp to use https and installed securepages on the 
drupal end just to ensure https is used.  A selfsigned cert is in place and 
working correctly.

When I hit the page on https I get an Acquia specific error screen which only 
shows when PHP errors occur so that the end user does not see the specific php 
error.  Within the browser if I change the url to http, I can see that it is 
still receiving the same error message from simplesamlphp.

Original comment by br...@inclindinc.com on 4 Feb 2015 at 10:28

GoogleCodeExporter commented 9 years ago
I'm stumped.

Original comment by steve_mo...@sil.org on 4 Feb 2015 at 10:43

GoogleCodeExporter commented 9 years ago
Thanks for the suggestions.  Just to clarify, I have cleared varnish cache 
before trying it and I still get the same error message.  If you think of 
anything else I would appreciate it!

Original comment by br...@inclindinc.com on 4 Feb 2015 at 11:03