flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

Default SP EntityID based on a specific site. #27

Closed obrassard-nurun closed 5 years ago

obrassard-nurun commented 5 years ago

Hello, I'm trying to configure an SSO login on a CraftCMS site with an Active Directory server, however there seems to be a problem with the module.

Indeed, every time I click on the Identity Provider login button I get the following error: Trying to get property 'keychain' of non-object.

I followed the steps described in the module's documentation; I created a new Service Provider for my site, I imported my Identity Provider's metadata (XML) and generated a key pair for my provider. However I've never been able to get the module to work properly.

Environment

We're using Craft Pro 3.1.28 (Yii 2.0.19) on PHP 7.3.6

Error detail

yii\base\ErrorException: Trying to get property 'keychain' of non-object in /vagrant/vendor/flipboxfactory/saml-sp/src/services/messages/AuthnRequest.php:76
Stack trace:
#0 /vagrant/vendor/craftcms/cms/src/web/ErrorHandler.php(81): yii\base\ErrorHandler->handleError(8, 'Trying to get p...', '/vagrant/vendor...', 76)
#1 /vagrant/vendor/flipboxfactory/saml-sp/src/services/messages/AuthnRequest.php(76): craft\web\ErrorHandler->handleError(8, 'Trying to get p...', '/vagrant/vendor...', 76, Array)
#2 /vagrant/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(120): flipbox\saml\sp\services\messages\AuthnRequest->create(Object(flipbox\saml\sp\records\ProviderRecord))
#3 [internal function]: flipbox\saml\sp\controllers\LoginController->actionRequest('cbaff4e7-a510-4...')
#4 /vagrant/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#5 /vagrant/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#6 /vagrant/vendor/craftcms/cms/src/web/Controller.php(109): yii\base\Controller->runAction('request', Array)
#7 /vagrant/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('request', Array)
#8 /vagrant/vendor/craftcms/cms/src/web/Application.php(297): yii\base\Module->runAction('saml-sp/login/r...', Array)
#9 /vagrant/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction('saml-sp/login/r...', Array)
#10 /vagrant/vendor/craftcms/cms/src/web/Application.php(286): yii\web\Application->handleRequest(Object(craft\web\Request))
#11 /vagrant/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#12 /vagrant/public/index.php(21): yii\base\Application->run()
#13 {main}
dsmrt commented 5 years ago

Seems like your service provider isn't being found. What happens when you go here: <your host name>/admin/saml-sp/metadata/my-provider

Here's a similar issue: https://github.com/flipboxfactory/saml-sp/issues/26

Check out my comment and what he did to resolve it, and let me know if you are still having issues after that.

obrassard-nurun commented 5 years ago

Hello @dsmrt! Thank you for responding quickly!

Indeed, I confirm that my-provider is configured, enabled and mapped with a key pair. Unlike #26, my EntityID matches my local hostname. (It is not localhost, but a custom hostname pointing to a vagrant development environment.)

dsmrt commented 5 years ago

Hey @obrassard-nurun, That all sounds like it should work.

A couple of clarifications (sorry if this is redundant):

  1. This resolves with the correct local info and it's enabled? -> <your host name>/admin/saml-sp/metadata/my-provider
  2. Are you customizing the EntityID or just letting the plugin do its thing? There are 2 places this can be customized: 1) within the config/saml-sp.php config file and 2) within the settings of the plugin. Check to make sure those aren't being customized and leading to this issue.

Looks like you are getting here and the sp config isn't being found: https://github.com/flipboxfactory/saml-sp/blob/master/src/services/messages/AuthnRequest.php#L70

obrassard-nurun commented 5 years ago

Hey @dsmrt! I finally managed to make it work!! 👍

After debugging the module's code I noticed that the expected EntityID was indeed my local hostname, but followed by /fr (since my Craft installation is in French). Therefore, adding /fr to the EntityID in the module's configuration solved the problem.

So the problem was effectively related to the Entity ID, which differs depending on the language. I think it might be a good idea to add this information to the module documentation to prevent confusion and/or update the module so that the Entity ID is language-independent.

dsmrt commented 5 years ago

Good find! That is a new one for me.

I have a 2.0 in the works now but it's probably a couple of months off. If you have any customizations (hooking into events, or advanced configs in attribute mapping via the saml-sp.php) let me know and I can help you through the upgrade when we get to that point.

I'm going to modify this ticket to handle the entity id so it's not picking up the site.

dsmrt commented 5 years ago

Title changed to reflect the issue @obrassard-nurun found above. When the Default EntityID is defined, it should use the base url so it's not site specific.
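The mismatch described in this thread, as an added example that is not the saml-sp plugin's code and not code posted by either participant (Python rather than the plugin's PHP; hostnames, paths and request IDs are constructed placeholders). It models an SP registry keyed by EntityID, derives the default EntityID two ways (from the current site's base URL, which yields "/fr" on the French site, and from scheme plus host only, as proposed above), and shows that a SAML entityID lookup is an exact string match, so the first derivation finds no provider on the secondary site. The AuthnRequest builder also fails closed with a readable error when the SP record is missing, instead of dereferencing a missing object the way the trace at the top of the issue does.

```python
"""
Added example (not saml-sp plugin code): why a site-derived SP EntityID fails
the provider lookup on a multi-site Craft install, and how a base-URL EntityID
avoids it. Hostnames, paths and IDs below are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Callable, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed multi-site layout modelled on the thread: the primary site at the
# document root, a French site under /fr.
SITES = {
    "en": "https://craft.example.test/",
    "fr": "https://craft.example.test/fr/",
}


@dataclass(frozen=True)
class ProviderRecord:
    entity_id: str
    enabled: bool
    has_keychain: bool


# Constructed SP registry: one SP whose EntityID is the bare hostname, which is
# what the reporter had configured before appending "/fr".
PROVIDERS = {
    "https://craft.example.test": ProviderRecord("https://craft.example.test", True, True),
}


def site_specific_entity_id(site_base_url: str) -> str:
    """Behaviour the reporter hit: EntityID derived from the current site's base URL."""
    return site_base_url.rstrip("/")


def base_url_entity_id(site_base_url: str) -> str:
    """Behaviour proposed in the thread: scheme and host only, same value for every site."""
    parts = urlsplit(site_base_url)
    return urlunsplit((parts.scheme, parts.netloc, "", "", ""))


def find_provider(entity_id: str) -> Optional[ProviderRecord]:
    """SAML entityIDs are URIs compared as exact, case-sensitive strings;
    'https://host' and 'https://host/fr' are two different SPs."""
    return PROVIDERS.get(entity_id)


def resolve(site: str, derive: Callable[[str], str]) -> Optional[ProviderRecord]:
    """Resolve the SP record for a request that arrived on `site` using `derive`."""
    return find_provider(derive(SITES[site]))


def build_authn_request(entity_id: str, request_id: str, destination: str) -> str:
    """Build a minimal AuthnRequest; fail closed with a clear error when the SP
    record is missing instead of dereferencing a null object."""
    sp = find_provider(entity_id)
    if sp is None:
        raise LookupError(f"no SP configured with EntityID {entity_id!r}; known: {sorted(PROVIDERS)}")
    if not (sp.enabled and sp.has_keychain):
        raise RuntimeError(f"SP {entity_id!r} is disabled or has no key pair")
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest",
                     {"ID": request_id, "Version": "2.0", "Destination": destination})
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp.entity_id
    return ET.tostring(req, encoding="unicode")


def issuer_of(authn_request_xml: str) -> str:
    """Read back the Issuer that the IdP will match against its registered SP entityID."""
    return ET.fromstring(authn_request_xml).find(f"{{{SAML}}}Issuer").text


def try_build(entity_id: str) -> Tuple[bool, str]:
    """(ok, message) wrapper so the failure path can be inspected without a traceback."""
    try:
        return True, build_authn_request(entity_id, "_id-constructed-1", "https://idp.example.test/sso")
    except (LookupError, RuntimeError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    for site in SITES:
        print(f"{site}: site-specific -> {resolve(site, site_specific_entity_id) is not None}, "
              f"base-url -> {resolve(site, base_url_entity_id) is not None}")
    print(try_build(site_specific_entity_id(SITES["fr"]))[1])
```

Run stand-alone it prints that the site-specific derivation finds the provider on "en" but not on "fr", while the base-URL derivation finds it on both. The same exact-match rule applies on the IdP side: whatever EntityID the SP ends up sending as Issuer must be the string registered at the IdP, so pinning it explicitly (as the 2.0.1 environment variable allows) is safer than deriving it from the request URL.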

dsmrt commented 5 years ago

In 2.0.1, the plugin now supports EntityID as an environmental variable (See screenshot below). Feel free to update the plugin by following the upgrade docs.

(Screenshot dated 2019-09-17 not included.)