flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

UUID for provider is 0 (zero) #49

Closed mihow closed 4 years ago

mihow commented 4 years ago

I have a fresh install of the SAML Service Provider plugin v2.0.15 running on Craft Pro 3.3.18.1. When I add an Identity Provider (I've tried Okta & GSuite) the UUID of the provider is saved as 0 and does not let me log in. If I add multiple providers, both UUIDs are the same (0).

image

image

There is actually whitespace saved as part of the UUID as you can see in the URL in the screenshots above.

/sso/login/request/0

I've followed the blog post explaining how to integrate with Okta (which was very helpful, thank you), however I am still running into this issue. https://www.flipboxdigital.com/insights/configuring-saml-sp-with-okta-com

I've tried uninstalling and reinstalling the plugin to no avail.

dsmrt commented 4 years ago

Couple questions:

- What DB (mysql/psql) are you using?
- If you look in the db, there should be a table named saml_sp_providers. Can you see the uids in there?

mihow commented 4 years ago

We are using Postgres 10. I see the saml_sp_providers table and there are entries for the service provider and the identity providers. The uid is 0 ... for all of them (zero followed by 35 chars of whitespace).

dsmrt commented 4 years ago

Ok. That should not look like that. I’ll try and replicate with pg 10.

mihow commented 4 years ago

Thanks for looking into this. I also tried manually changing the UID in the database but I am still seeing the same issues when initiating the login:

image

image

dsmrt commented 4 years ago

Not sure what is going wrong here but the uid is taking the default which is 0 in postgres (see \craft\db\Migration::uid). Trying to figure out why that isn't being set correctly for PG.

Your 404 is happening with the zero and the 111... due to the url route rule that requires a uuid format (<uid:[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}>, from vendor/flipboxfactory/saml-core/src/AbstractPlugin.php:297)

dsmrt commented 4 years ago

@mihow, I've pushed up a patch in 2.1.1. Run composer update flipboxfactory/saml-sp flipboxfactory/saml-core. The patch is in core but update both. Let me know if that works out for you. Thanks!

mihow commented 4 years ago

That worked! I have real UUIDs now! Thank you.

I am getting a 400 error now but guessing it's related to my configuration: "Service Provider is not found. Possibly a configuration problem. My Provider/Current EntityId: /"

dsmrt commented 4 years ago

Have you created the My Provider yet? If you go to the provider listing, you should have 2 providers there: one defining your Craft site, and the other defining the IdP. You can click the "My Provider" nav item in the SAML plugin sub nav to verify it's been created. If not, just create it then.

Let me know if this doesn't line up with what you are seeing.

mihow commented 4 years ago

Hi @dsmrt, I have a My Provider created but am still seeing this issue. Any other ideas? I tried starting from scratch but no luck.

image

image

Another issue is the Single Logout Service URL is missing under Bindings for My Provider.

dsmrt commented 4 years ago

In your config/general.php can you configure your loginPath to point to /sso/login/request? See if that helps.

mihow commented 4 years ago

Unfortunately no dice. This is the URL that the "login via Okta" button takes me to, which has the correct UID of the identity provider.

http://localhost:9000/sso/login/request/ed17832a-0c8d-4cce-a897-fc571a431d43?RelayState=http://localhost:9000/admin

dsmrt commented 4 years ago

Ok ... judging from the screenshot, your EntityId has been changed to / system wide somewhere. Your EntityId needs to match http://localhost:9000. The plugin defaults EntityId to the siteUrl.

Check your:

mihow commented 4 years ago

That worked! We are using project.yaml and the setting must have stuck even after reinstalling the plugin. Thank you for your help.
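
Added example (not part of the thread and not the plugin's own code): a Python preflight check for the two failures diagnosed above, the 404 from a uid that does not satisfy the route rule and the 400 from an EntityId of /. The function names, the constructed sample rows, the full-string match and the exact comparison with the site URL are assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Route pattern quoted in the thread; applying it as a full-string match is an assumption.
UID_ROUTE = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)


def check_uid(uid):
    """Return None if the uid satisfies the route rule, else why the login URL 404s."""
    if UID_ROUTE.fullmatch(uid):
        return None
    if uid.strip() == "0":
        return "column default 0 (padded to %d chars), uid was never generated" % len(uid)
    return "not in UUID format, route rule will not match"


def check_entity_id(entity_id, site_url):
    """Return None if My Provider's EntityId equals the site URL, else the reason."""
    parts = urlsplit(entity_id)
    if not (parts.scheme and parts.netloc):
        return "EntityId %r is not an absolute URL" % entity_id
    if entity_id != site_url:  # exact comparison, no normalisation
        return "EntityId %r does not match site URL %r" % (entity_id, site_url)
    return None


def audit(providers, my_entity_id, site_url):
    """Collect (label, reason) findings for provider uids and My Provider's EntityId."""
    findings = [(label, check_uid(uid)) for label, uid in providers]
    findings = [(label, reason) for label, reason in findings if reason]
    reason = check_entity_id(my_entity_id, site_url)
    if reason:
        findings.append(("My Provider", reason))
    return findings


# Constructed sample rows mirroring the values reported in the thread.
SAMPLE = [
    ("sp", "0" + " " * 35),                               # broken row before 2.1.1
    ("idp-okta", "ed17832a-0c8d-4cce-a897-fc571a431d43"),  # uid after the patch
]

if __name__ == "__main__":
    for label, reason in audit(SAMPLE, "/", "http://localhost:9000"):
        print(label, "->", reason)
```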