Cannot configure the site as SAML SP with simplesamlphp_auth

I have a functioning SAML IdP, implemented with LemonLDAP::NG. I know it functions because it works with Nextcloud as an SP. I’ve also successfully configured a DokuWiki SP in the past.

The IdP, the Nextcloud SP and the Drupal 8 SP are all behind an Nginx reverse proxy. All of them are directly reachable from my IP, but I have restricted access from other IPs.

I have been trying on and off for a year to make SAML login work with Drupal 8, using simplesamlphp_auth, but without success. I have lost count of how many articles I have read on the net, which all suggest that configuring SAML is trivial. Sadly, not for me.

Currently, when I select the Drupal 8 SP under ‘Test authentication sources’ in the ‘Authentication’ tab, I get the following error:

Too many redirects occurred trying to open “https://www.xxxx.tld/simplesaml/module.php/core/authenticate.php?as=wmh-www-sp&%5CSimpleSAML%5CAuth%5CState.exceptionId=_568428306a7ad7ad7bf8f8f47a94940de364239c67%3Ahttps%3A%2F%2Fwww.xxx.tld%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dwmh-www-sp%26ReturnTo%3Dhttps%253A%252F%252Fwww.xxx.tld%252Fsimplesaml%252Fmodule.php%252Fcore%252Fauthenticate.php%253Fas%253Dwmh-www-sp”. This might occur if you open a page that is redirected to open another page, which then is redirected to open the original page.

The log file contains repeated occurrences of the following error messages:

2019/04/03 22:31:48 [error] 21251#21251: *982 FastCGI sent in stderr: “PHP message: simplesamlphp DEBUG [e54b9408f4] Session: ‘wmh-www-sp’ not valid because we are not authenticated.

PHP message: simplesamlphp DEBUG [e54b9408f4] getIdpMetadata: METADATANOTFOUND(‘%’ => ”https://cloud.xxx.tld/saml/metadata”)

PHP message: simplesamlphp DEBUG [e54b9408f4] getIdpMetadata: METADATANOTFOUND(‘%’ => ”https://cloud.xxx.tld/saml/metadata”)

PHP message: simplesamlphp DEBUG [e54b9408f4] Saved state: ‘_f37c552249cf34b640de1dac7ad22b1481c763fc0f:https://www.xxx.tld/simplesaml/module.php/core/as_login.php?AuthId=wmh-www-sp&ReturnTo=https.xxx.tld.php.php-www-sp

PHP message: simplesamlphp DEBUG [e54b9408f4] saving key SimpleSAMLphp.session.161a8f86a89cf6e93f36117cc21a26af to memcache” while reading response header from upstream, client: NN.NNN.NNN.NNN, server: www.xxx.tld, request: “GET /simplesaml/module.php/core/authenticate.php?as=wmh-www-sp HTTP/2.0”, upstream: “fastcgi://unix:/var/run/php-fpm-www.sock:”, host: “www.xxx.tld”, referrer: “https://www.xxx.tld/simplesaml/module.php/core/authenticate.php

2019/04/03 22:31:48 [error] 21251#21251: *982 FastCGI sent in stderr: “PHP message: simplesamlphp DEBUG [e54b9408f4] loading key SimpleSAMLphp.session.161a8f86a89cf6e93f36117cc21a26af from memcache” while reading upstream, client: NN.NNN.NNN.NNN, server: www.xxx.tld, request: “GET /simplesaml/module.php/core/authenticate.php?as=wmh-www-sp HTTP/2.0”, upstream: “fastcgi://unix:/var/run/php-fpm-www.sock:”, host: “www.xxx.tld”, referrer: “https://www.xxx.tld/simplesaml/module.php/core/authenticate.php

(www.xxx.tld is the SP, cloud.xxx.tld is the IdP, wmh-www-sp is the entityID of the SP.)

Specific things I do not understand:

  • we are not authenticated – I have logged into the simplesamlphp_auth interface
  • METADATANOTFOUND('%' => ''https://cloud.xxx.tld/saml/metadata'') – this is the address of the IdP’s metadata and is correct as such

I created the file metadata/saml20-idp-remote.php from the IdP’s metadata URL, https://cloud.xxx.tld/saml/metadata, using simplesamlphp_auth’s metadata converter under the “Federation” tab.

Can anyone help me to make sense of all the above?

Steve
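
An added example, not part of the original post and not SimpleSAMLphp's own code: SimpleSAMLphp looks up remote IdP metadata by entityID, so one check for the METADATANOTFOUND lines above is to compare the entityID named in the log with the entityID attributes actually declared in the IdP's metadata XML. The metadata document, its entityID and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted XML, prefer defusedxml

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
Q = "\"'‘’“”\\\\"  # quote styles seen in raw and re-typeset logs
NOT_FOUND = re.compile(r"METADATANOTFOUND\([^)]*?=>\s*[%s]*([^%s)\s]+)" % (Q, Q))

# Log line copied from the post above (it appears twice in the log).
LOG = ("PHP message: simplesamlphp DEBUG [e54b9408f4] getIdpMetadata: "
       "METADATANOTFOUND(‘%’ => ”https://cloud.xxx.tld/saml/metadata”)\n") * 2

# Constructed metadata; this entityID is hypothetical and differs on purpose.
METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://cloud.xxx.tld/saml/idp">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""


def requested_idps(log_text):
    """Entity IDs SimpleSAMLphp reported as not found, in first-seen order."""
    seen = []
    for match in NOT_FOUND.finditer(log_text):
        if match.group(1) not in seen:
            seen.append(match.group(1))
    return seen


def declared_idps(metadata_xml):
    """entityID of every EntityDescriptor that carries an IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    return {e.get("entityID") for e in root.iter(MD + "EntityDescriptor")
            if e.find(MD + "IDPSSODescriptor") is not None}


def mismatches(log_text, metadata_xml):
    """(requested, declared) pairs where the requested ID is not declared."""
    declared = declared_idps(metadata_xml)
    return [(wanted, sorted(declared))
            for wanted in requested_idps(log_text) if wanted not in declared]


if __name__ == "__main__":
    for wanted, declared in mismatches(LOG, METADATA):
        print("SP asks for %s, metadata declares %s" % (wanted, declared))
```

An empty result only rules out an entityID mismatch; it does not show that SimpleSAMLphp is loading the converted metadata/saml20-idp-remote.php file.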

This article was republished from its original source.