handnot2 / samly

Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.
MIT License

Keyfile is required even when Identity Provider Parameters are set to false #20

Closed chespinoza closed 6 years ago

chespinoza commented 6 years ago

Hi and thanks for Samly, I've been trying to set up some tests using the d9eb636610e096f86f25d9a46f35a9facac35609a7591b3be3326e99a0484665 git ref but even so samly continues to require the keyfile

Configuration:

config :samly, Samly.Provider,
  idp_id_from: :path_segment,
  service_providers: [
    %{
      id: "alva-sp",
      #entity_id: "urn:samly.howto:sp1",
      certfile: "priv/keys/cert.crt"
    }
  ],
  identity_providers: [
    %{
      id: "nie-idp",
      sp_id: "alva-sp",
      base_url: "https://samly.howto:4443/sso",
      metadata_file: "idp_metadata.xml",
      pre_session_create_pipeline: SamlyHowtoWeb.Plugs.SamlyPipeline,
      #use_redirect_for_req: true,
      sign_requests: false,
      sign_metadata: false,
      #signed_assertion_in_resp: false,
      #signed_envelopes_in_resp: false,
      allow_idp_initiated_flow: false,
    }
  ]

➜  samly_howto git:(master) ✗ bash ./runit.sh
Erlang/OTP 21 [erts-10.0] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] [hipe]

[info] Application samly_howto exited: SamlyHowto.Application.start(:normal, []) returned an error: shutdown: failed to start child: SamlyHowtoWeb.Endpoint
    ** (EXIT) shutdown: failed to start child: Phoenix.Endpoint.Handler
        ** (EXIT) an exception was raised:
            ** (ArgumentError) could not start Cowboy adapter, the file /home/christian/go/src/github.com/chespinoza/samly_howto/_build/dev/lib/samly_howto/priv/keys/samly.pem required by SSL's :keyfile either does not exist, or the application does not have permission to access it
                (plug) lib/plug/adapters/cowboy.ex:299: Plug.Adapters.Cowboy.fail/1
                (plug) lib/plug/adapters/cowboy.ex:59: Plug.Adapters.Cowboy.args/4
                (plug) lib/plug/adapters/cowboy.ex:120: Plug.Adapters.Cowboy.child_spec/4
                (phoenix) lib/phoenix/endpoint/cowboy_handler.ex:81: Phoenix.Endpoint.CowboyHandler.child_spec/3
                (phoenix) lib/phoenix/endpoint/handler.ex:33: anonymous fn/5 in Phoenix.Endpoint.Handler.init/1
                (elixir) lib/enum.ex:1899: Enum."-reduce/3-lists^foldl/2-0-"/3
                (phoenix) lib/phoenix/endpoint/handler.ex:31: Phoenix.Endpoint.Handler.init/1
                (stdlib) supervisor.erl:295: :supervisor.init/1
                (stdlib) gen_server.erl:374: :gen_server.init_it/2
                (stdlib) gen_server.erl:342: :gen_server.init_it/6
                (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3
** (Mix) Could not start application samly_howto: SamlyHowto.Application.start(:normal, []) returned an error: shutdown: failed to start child: SamlyHowtoWeb.Endpoint
    ** (EXIT) shutdown: failed to start child: Phoenix.Endpoint.Handler
        ** (EXIT) an exception was raised:
            ** (ArgumentError) could not start Cowboy adapter, the file /home/christian/go/src/github.com/chespinoza/samly_howto/_build/dev/lib/samly_howto/priv/keys/samly.pem required by SSL's :keyfile either does not exist, or the application does not have permission to access it
                (plug) lib/plug/adapters/cowboy.ex:299: Plug.Adapters.Cowboy.fail/1
                (plug) lib/plug/adapters/cowboy.ex:59: Plug.Adapters.Cowboy.args/4
                (plug) lib/plug/adapters/cowboy.ex:120: Plug.Adapters.Cowboy.child_spec/4
                (phoenix) lib/phoenix/endpoint/cowboy_handler.ex:81: Phoenix.Endpoint.CowboyHandler.child_spec/3
                (phoenix) lib/phoenix/endpoint/handler.ex:33: anonymous fn/5 in Phoenix.Endpoint.Handler.init/1
                (elixir) lib/enum.ex:1899: Enum."-reduce/3-lists^foldl/2-0-"/3
                (phoenix) lib/phoenix/endpoint/handler.ex:31: Phoenix.Endpoint.Handler.init/1
                (stdlib) supervisor.erl:295: :supervisor.init/1
                (stdlib) gen_server.erl:374: :gen_server.init_it/2
                (stdlib) gen_server.erl:342: :gen_server.init_it/6
                (stdlib) proc_lib.erl:249: :proc_lib.init_p_do_apply/3

Thanks in advance.

handnot2 commented 6 years ago

The issue is not with Samly Identity Provider settings.

The error report you have included indicates that the error is due to the Phoenix endpoint configuration for HTTPS.

Here is a sample configuration from mix/dev.config:

config :samly_howto, SamlyHowtoWeb.Endpoint,
  http: [port: {:system, "PORT"}],
  https: [
    port: 4443,
    otp_app: :samly_howto,
    keyfile: "priv/keys/samly.pem",
    certfile: "priv/keys/samly.crt"
  ]

Make sure that the keyfile and certfile path are set appropriately.
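As an added diagnostic (not part of this thread or of the Samly project), the following script checks the keyfile/certfile of a Phoenix `https:` config the way the error above resolved them: an `otp_app`-relative path is looked up under `_build/<env>/lib/<app>/`, and each file must exist, be readable, and carry the right PEM header. The `_build` layout assumption is taken from the path in the error message; `demo()` builds a constructed tree in which only the certfile is present.

```python
import os
import tempfile


def resolve_endpoint_path(project_root, env, otp_app, rel_path):
    """Path Phoenix will open for an otp_app-relative keyfile/certfile.

    Assumption (from the error on this page): relative paths resolve under
    <project>/_build/<env>/lib/<otp_app>/, e.g. priv/keys/samly.pem ->
    _build/dev/lib/samly_howto/priv/keys/samly.pem.
    """
    if os.path.isabs(rel_path):
        return rel_path
    return os.path.join(project_root, "_build", env, "lib", otp_app, rel_path)


def check_pem_file(path, expected_marker):
    """Return a list of problems for one PEM file (empty list means OK)."""
    if not os.path.exists(path):
        return [f"{path}: does not exist"]
    if not os.access(path, os.R_OK):
        return [f"{path}: not readable by this user"]
    with open(path, "rb") as fh:
        first = fh.readline().strip()
    if not (first.startswith(b"-----BEGIN ") and expected_marker in first):
        return [f"{path}: first line is not a {expected_marker.decode()} PEM header"]
    return []


def check_https_config(project_root, env, otp_app, https):
    """Check the keyfile and certfile of a Phoenix `https:` keyword config.

    `https` mirrors the Elixir keyword list as a dict, e.g.
    {"keyfile": "priv/keys/samly.pem", "certfile": "priv/keys/samly.crt"}.
    Returns {"keyfile": [problems], "certfile": [problems]}.
    """
    report = {}
    for key, marker in (("keyfile", b"PRIVATE KEY"), ("certfile", b"CERTIFICATE")):
        if key not in https:
            report[key] = [f"{key}: missing from https: config"]
            continue
        report[key] = check_pem_file(
            resolve_endpoint_path(project_root, env, otp_app, https[key]), marker)
    return report


def demo():
    """Constructed build tree: certfile present, keyfile missing (as in the issue)."""
    root = tempfile.mkdtemp()
    keys = os.path.join(root, "_build", "dev", "lib", "samly_howto", "priv", "keys")
    os.makedirs(keys)
    with open(os.path.join(keys, "samly.crt"), "w") as fh:
        fh.write("-----BEGIN CERTIFICATE-----\nMIIB(constructed)\n-----END CERTIFICATE-----\n")
    https = {"keyfile": "priv/keys/samly.pem", "certfile": "priv/keys/samly.crt"}
    return check_https_config(root, "dev", "samly_howto", https)
```

Run `demo()` to see the keyfile reported as missing while the certfile passes, which is the situation the error report describes.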

handnot2 commented 6 years ago

Hopefully the above comment helps you resolve the issue. Closing this now.

Feel free to reopen this if you have any additional information to add.