Closed madhousemachine closed 5 years ago
Here's another stack trace. This is using 1.0.8 of your plugin.
Craft Pro 3.3.41 PHP 7.2.19
What's going on? Our client CANNOT log in to a PRODUCTION application.
yii\base\ErrorException: Undefined index: attibuteName in /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/helpers/ProviderHelper.php:22
Stack trace:
#0 /home/forge/turfnutritiontool.com/vendor/craftcms/cms/src/web/ErrorHandler.php(80): yii\base\ErrorHandler->handleError(8, 'Undefined index...', '/home/forge/tur...', 22)
#1 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/helpers/ProviderHelper.php(22): craft\web\ErrorHandler->handleError(8, 'Undefined index...', '/home/forge/tur...', 22, Array)
#2 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/services/login/User.php(192): flipbox\saml\core\helpers\ProviderHelper::providerMappingToKeyValue(Object(flipbox\saml\sp\records\ProviderRecord))
#3 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/services/login/User.php(160): flipbox\saml\sp\services\login\User->transform(Object(LightSaml\Model\Protocol\Response), Object(craft\elements\User))
#4 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/services/login/User.php(96): flipbox\saml\sp\services\login\User->construct(Object(craft\elements\User), Object(LightSaml\Model\Protocol\Response))
#5 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/services/Login.php(66): flipbox\saml\sp\services\login\User->sync(Object(craft\elements\User), Object(LightSaml\Model\Protocol\Response))
#6 /home/forge/turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(77): flipbox\saml\sp\services\Login->login(Object(LightSaml\Model\Protocol\Response))
#7 [internal function]: flipbox\saml\sp\controllers\LoginController->actionIndex()
#8 /home/forge/turfnutritiontool.com/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#9 /home/forge/turfnutritiontool.com/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#10 /home/forge/turfnutritiontool.com/vendor/craftcms/cms/src/web/Controller.php(187): yii\base\Controller->runAction('', Array)
#11 /home/forge/turfnutritiontool.com/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('', Array)
#12 /home/forge/turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(299): yii\base\Module->runAction('saml-sp/login', Array)
#13 /home/forge/turfnutritiontool.com/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction('saml-sp/login', Array)
#14 /home/forge/turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(284): yii\web\Application->handleRequest(Object(craft\web\Request))
#15 /home/forge/turfnutritiontool.com/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#16 /home/forge/turfnutritiontool.com/public/index.php(21): yii\base\Application->run()
#17 {main}
Rolled back to Craft 3.3.3 and SAML 1.0.8
Everything seems stabilized. Not touching a thing.
From that last error it looks like the migrations didn't run. Please be diligent with this upgrade and follow the instructions: https://saml-sp.flipboxfactory.com/installation.html#upgrading-to-2-0
Actually, looking at this again, looks like the migration did work. Login is working?
I haven't seen that first error before. I have a feeling you may need to go with the 2.0.0 unless you rolled back the db.
We were diligent with the upgrade. And we did follow instructions. The fact you have to point that out over and over again, with big warnings in the control panel, tells me this upgrade is not stable.
Did it twice on a local dev instance. Worked great. So, why not try it in production? Did not work great.
I don't know what else we could have done differently. What might have caused that second error?
And we did roll back the database. We rolled everything back. Works fine now (Craft 3.3.3 and SAML SP 1.0.8) but we're not touching it. Again... sad state for a $200 plugin.
Sorry for the trouble.
Glad you followed the instructions. I'm worried that some will overlook it. I can understand you're upset, but I'm here to help. Please let me help you.
I have some hunches. What DB and version are you using? I'd like to try and replicate this on my local.
DEV: MySQL 5.5.5 - 10.3.14-MariaDB-1:10.3.14
PRODUCTION: MySQL 5.5.5 - 10.2.18-MariaDB-1:10.2.18
Quick Update:
You might have found a bug with the first comment.
2019-09-24 08:45:15 [-][-][2f62bvj9ucuc6d1v4guj7192fp][error][TypeError]
TypeError: Argument 1 passed to flipbox\saml\core\records\AbstractProvider::setGroupOptions() ...
Still trying to figure out what's going on there but I can't replicate on my local. Between the two of us, you've only seen this on your production environment, which makes it difficult to debug.
If you'd like me to take this further, could you send me your SP provider table (should be something like: saml_sp_providers)? Maybe something will stick out there. Send it here: https://www.flipboxdigital.com/contact
I think I might be able to make the following line default to null, but I don't want to do it until we are sure there isn't something else going on there. https://github.com/flipboxfactory/saml-core/blob/2.0.10/src/records/AbstractProvider.php#L189
Your second issue was due to the rollback from v2 to v1. That error is related to a migration. Rollbacks aren't supported there.
One more question @madhousemachine. Referring to the first comment/issue, when does this happen? When you hit the Craft CP login page, when you're unauthenticated?
Hey. (Same user. Different username here.)
After authentication. Here's more. We're trying it on an isolated instance on the production server.
Upgrade went fine. We log out of Craft CP. Close down the browser. Reopen and try to authenticate. Works(?) Redirects back to our site, aaaaaaand.... boom.
SAML2\Exception\UnparseableXmlException: Unable to parse XML - "FATAL[77]": "Premature end of data in tag root line 1
" in "(string)" at line 1 on column 114" in /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php:50
Stack trace:
#0 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/Utils.php(539): SAML2\DOMDocumentFactory::fromString('<root xmlns:sam...')
#1 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/Utils.php(569): SAML2\Utils::doDecryptElement(Object(DOMElement), Object(RobRichards\XMLSecLibs\XMLSecurityKey), Array)
#2 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/EncryptedAssertion.php(97): SAML2\Utils::decryptElement(Object(DOMElement), Object(RobRichards\XMLSecLibs\XMLSecurityKey), Array)
#3 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/helpers/SecurityHelper.php(144): SAML2\EncryptedAssertion->getAssertion(Object(RobRichards\XMLSecLibs\XMLSecurityKey))
#4 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Assertion.php(89): flipbox\saml\core\helpers\SecurityHelper::decryptAssertion(Object(SAML2\EncryptedAssertion), '-----BEGIN CERT...')
#5 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(94): flipbox\saml\core\validators\Assertion->validate(Object(SAML2\EncryptedAssertion))
#6 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(74): flipbox\saml\core\validators\Response->validateAssertions(Object(SAML2\Response), Object(SAML2\Response\Validation\Result))
#7 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(80): flipbox\saml\core\validators\Response->validate(Object(SAML2\Response))
#8 [internal function]: flipbox\saml\sp\controllers\LoginController->actionIndex()
#9 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#10 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#11 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Controller.php(187): yii\base\Controller->runAction('', Array)
#12 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('', Array)
#13 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(299): yii\base\Module->runAction('saml-sp/login', Array)
#14 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction('saml-sp/login', Array)
#15 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(284): yii\web\Application->handleRequest(Object(craft\web\Request))
#16 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#17 /home/forge/staging.turfnutritiontool.com/public/index.php(21): yii\base\Application->run()
#18 {main}
Next Exception: Failed to parse decrypted XML. Maybe the wrong sharedkey was used? in /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:541
Stack trace:
#0 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/Utils.php(569): SAML2\Utils::doDecryptElement(Object(DOMElement), Object(RobRichards\XMLSecLibs\XMLSecurityKey), Array)
#1 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/EncryptedAssertion.php(97): SAML2\Utils::decryptElement(Object(DOMElement), Object(RobRichards\XMLSecLibs\XMLSecurityKey), Array)
#2 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/helpers/SecurityHelper.php(144): SAML2\EncryptedAssertion->getAssertion(Object(RobRichards\XMLSecLibs\XMLSecurityKey))
#3 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Assertion.php(89): flipbox\saml\core\helpers\SecurityHelper::decryptAssertion(Object(SAML2\EncryptedAssertion), '-----BEGIN CERT...')
#4 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(94): flipbox\saml\core\validators\Assertion->validate(Object(SAML2\EncryptedAssertion))
#5 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(74): flipbox\saml\core\validators\Response->validateAssertions(Object(SAML2\Response), Object(SAML2\Response\Validation\Result))
#6 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(80): flipbox\saml\core\validators\Response->validate(Object(SAML2\Response))
#7 [internal function]: flipbox\saml\sp\controllers\LoginController->actionIndex()
#8 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#9 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#10 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Controller.php(187): yii\base\Controller->runAction('', Array)
#11 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('', Array)
#12 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(299): yii\base\Module->runAction('saml-sp/login', Array)
#13 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction('saml-sp/login', Array)
#14 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(284): yii\web\Application->handleRequest(Object(craft\web\Request))
#15 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#16 /home/forge/staging.turfnutritiontool.com/public/index.php(21): yii\base\Application->run()
#17 {main}
Next Exception: Failed to decrypt XML element. in /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/Utils.php:576
Stack trace:
#0 /home/forge/staging.turfnutritiontool.com/vendor/simplesamlphp/saml2/src/SAML2/EncryptedAssertion.php(97): SAML2\Utils::decryptElement(Object(DOMElement), Object(RobRichards\XMLSecLibs\XMLSecurityKey), Array)
#1 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/helpers/SecurityHelper.php(144): SAML2\EncryptedAssertion->getAssertion(Object(RobRichards\XMLSecLibs\XMLSecurityKey))
#2 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Assertion.php(89): flipbox\saml\core\helpers\SecurityHelper::decryptAssertion(Object(SAML2\EncryptedAssertion), '-----BEGIN CERT...')
#3 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(94): flipbox\saml\core\validators\Assertion->validate(Object(SAML2\EncryptedAssertion))
#4 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-core/src/validators/Response.php(74): flipbox\saml\core\validators\Response->validateAssertions(Object(SAML2\Response), Object(SAML2\Response\Validation\Result))
#5 /home/forge/staging.turfnutritiontool.com/vendor/flipboxfactory/saml-sp/src/controllers/LoginController.php(80): flipbox\saml\core\validators\Response->validate(Object(SAML2\Response))
#6 [internal function]: flipbox\saml\sp\controllers\LoginController->actionIndex()
#7 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/InlineAction.php(57): call_user_func_array(Array, Array)
#8 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Controller.php(157): yii\base\InlineAction->runWithParams(Array)
#9 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Controller.php(187): yii\base\Controller->runAction('', Array)
#10 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Module.php(528): craft\web\Controller->runAction('', Array)
#11 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(299): yii\base\Module->runAction('saml-sp/login', Array)
#12 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/web/Application.php(103): craft\web\Application->runAction('saml-sp/login', Array)
#13 /home/forge/staging.turfnutritiontool.com/vendor/craftcms/cms/src/web/Application.php(284): yii\web\Application->handleRequest(Object(craft\web\Request))
#14 /home/forge/staging.turfnutritiontool.com/vendor/yiisoft/yii2/base/Application.php(386): craft\web\Application->handleRequest(Object(craft\web\Request))
#15 /home/forge/staging.turfnutritiontool.com/public/index.php(21): yii\base\Application->run()
#16 {main}
@smockensturm Looks like it's sending invalid XML. Can you email me the AuthnRequest? We've emailed before.
Great. So it worked before with bogus XML? Great. Lovely.
Sure. How? Where do I find it?
I just emailed you admin creds.
Correction ... it's the Response (from ADFS) that's having an issue and I think it's due to a mismatch with the cert. To get that staging environment to work, metadata and certs might need to be exchanged again. Just to be sure everything matches up. I use this to debug SAML messages: https://chrome.google.com/webstore/detail/saml-chrome-panel/paijfdbeoenhembfhkhllainmocckace
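The certificate mismatch suspected in the comment above can be checked offline by comparing the encryption certificate in the copy of the SP metadata held by the IdP with the certificate the SP currently uses. This is an added example, not code from the plugin or from anyone in this thread; the function names and the sample metadata (arbitrary bytes standing in for DER certificates) are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_fingerprint(b64_text):
    """SHA-256 over the decoded bytes of a base64 certificate body."""
    der = base64.b64decode("".join(b64_text.split()))  # drop line wraps
    return hashlib.sha256(der).hexdigest()

def pem_fingerprint(pem):
    """Fingerprint of a PEM certificate, ignoring the BEGIN/END lines."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return der_fingerprint("".join(body))

def metadata_cert_fingerprints(metadata_xml, use):
    """Fingerprints of SP certificates valid for `use` ('encryption' or
    'signing'). A KeyDescriptor with no use attribute applies to both."""
    root = ET.fromstring(metadata_xml)
    found = []
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use") in (None, use):
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                found.append(der_fingerprint(cert.text or ""))
    return found

def encryption_cert_matches(metadata_xml, local_pem):
    """True when the SP's current certificate is one the IdP would encrypt to."""
    return pem_fingerprint(local_pem) in metadata_cert_fingerprints(
        metadata_xml, "encryption")

# Constructed stand-ins: arbitrary bytes, not real DER certificates.
OLD_DER = b"constructed-old-sp-certificate"
NEW_DER = b"constructed-new-sp-certificate"

def as_b64(der):
    return base64.b64encode(der).decode()

def as_pem(der):
    return ("-----BEGIN CERTIFICATE-----\n" + as_b64(der)
            + "\n-----END CERTIFICATE-----\n")

# Constructed metadata as the IdP last imported it: still the old certificate.
STALE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://sp.example.test">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{as_b64(OLD_DER)}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

A `False` result from `encryption_cert_matches` means the IdP is encrypting assertions to a certificate the SP no longer uses, so the metadata has to be exchanged again. The check does not prove that the SP's private key belongs to its current certificate.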
We done here, then? What is your recommendation?
I recommend you test login on a dev/test SAML instance before updating on prod (this is why I've said to stay diligent with this update. It's a major release for a reason). If you can't test login with the update before deploying to prod, then maybe it's best to stay on 1.x.
This is unfortunate. And really really uncool. Something is wrong with one of your releases (prob v1) and you’re going to lay it on us?
We helped you develop this. Then we shelled out the big buck.
You’ve been scrambling out patches since v2 was released. Craft 3.2 update broke v1.
Diligence indeed. Works both ways, Damien.
On Sep 24, 2019, at 5:36 PM, Damien Smrt notifications@github.com wrote:
Closed #36.
Not confident at all in this 2.0 upgrade.
Craft Pro 3.3.41 PHP 7.2.19
Nothing fancy. Your SAML plugin right out of the box.
Anything jump off the top of your head?