1. Anonymous User(Eddie Konczal)
  2. Pre-sale questions
  3. Thursday, 30 July 2020
  4.  Subscribe via email
When I attempt to install RO Single Sign On version 1.2.0, I get these errors:


Warning
JInstaller: :Install: Error SQL Invalid default value for '_expire'
Extension Install: SQL error processing query: DB function failed with error number 1067
Invalid default value for '_expire'
SQL =

CREATE TABLE IF NOT EXISTS `#__saml_LogoutStore`
(
`_authSource` varchar(191) NOT NULL,
`_nameId` varchar(40) NOT NULL,
`_sessionIndex` varchar(50) NOT NULL,
`_expire` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
ON UPDATE CURRENT_TIMESTAMP,
`_sessionId` varchar(50) NOT NULL,
UNIQUE KEY `_authSource` (`_authSource`(191), `_nameId`, `_sessionIndex`),
KEY `#__saml_LogoutStore_expire` (`_expire`),
KEY `#__saml_LogoutStore_nameId` (`_authSource`(191), `_nameId`)
)
ENGINE = InnoDB
DEFAULT CHARSET = utf8;

Package Install: There was an error installing an extension: com_ro_sso_1.2.0.zip


Here is the system configuration:

PHP Built On Linux 4.12.14-197.45-default #1 SMP Thu Jun 4 11:06:04 UTC 2020 (2b6c749) x86_64
Database Type mysql
Database Version 5.5.39
Database Collation utf8_general_ci
Database Connection Collation utf8mb4_general_ci
PHP Version 7.2.5
Web Server Apache
WebServer to PHP Interface apache2handler
Joomla! Version Joomla! 3.10.0-alpha1 Alpha [ Amani ] 23-July-2020 21:10 GMT
Joomla! Platform Version Joomla Platform 13.1.0 Stable [ Curiosity ] 24-Apr-2013 00:00 GMT

Regards,
Eddie
Accepted Answer Pending Moderation
Additional:




The metadata links for this site are not valid. They are looking for a directory /simplesaml/ that does not exist. Should I be changing this to /libraries/simplesamlphp/
or something else?



-Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Wednesday, August 19, 2020 1:53 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 21
Accepted Answer Pending Moderation
Hi Roland,



Thanks for the reply. I am trying to configure the Identify Provider using information received from the SAML team.



I saved the XML file they sent me to the /libraries/simplesamlphp/metadata/ folder on the Joomla! website; if this is not correct, please let me know.



Also, I am not sure what should be entered here:



* Profile - Fields Tab

> * Enter the "IDP field name" in Name

> > * Identity Provider Fieldname


> > * Local Fieldname

> * Enter the "IDP field username" in Username

> * Enter the "IDP field email address" in Email address



Am I entering the names of the fields containing these values, or the actual values found in those fields?



Regards,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Wednesday, August 19, 2020 1:53 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 22
Accepted Answer Pending Moderation
Hello Eddie,

If the metadata URL is not working, your setup is not correct. Double check the path you have setup on the Configuration section. This is the Base URL path that needs to be correct. That should be changed to the path originating from the webroot. It may be libraries/simplesamlphp.

Generally they would give you a link to the metadata because this is periodically updated. SimpleSAMLphp parses this into a PHP file and places it in the correct folder. You could try putting the XML in a web accessible path and use that URL in your Identity Provider Profile.

The profile fields tab is where you map the Joomla fields to whatever fields you receive from the IDP. So Joomla needs at least a username, name and email field. So you can enter those 3 fields and the fields you get from the Identity Provider should be given to you. That way RO SSO knows which field from your IDP belongs to username, name and email.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 23
Accepted Answer Pending Moderation
Dear Roland,



OK, I was able to get the metadata to work. I set the BaseURL path to libraries/simplesamlphp/www/ and I am now able to both view and import the metadata.



Two more questions:



1)
I received an external URL for the IDP. I entered this in Identity Provider Profiles, to replace the locally hosted XML file, but the setting is not
being updated.

2)
The IDP metadata does not define fields for username, name and email. Will this work if I do not create any fields on the “Profile – Fields” tab?



Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Wednesday, August 19, 2020 3:36 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 24
Accepted Answer Pending Moderation
Hello Eddie,

That is good news on the metadata part :)

entered this in Identity Provider Profiles, to replace the locally hosted XML file, but the setting is not
being updated.
Did you click the Refresh button from the list page?

The IDP metadata does not define fields for username, name and email. Will this work if I do not create any fields on the “Profile – Fields” tab?
The metadata doesn't define the fields as far as I know. However the payload that you will receive after someone signs in should contain some form of identification. If not, you would not know who the person is. Can you find out what info there is in the payload? That should tell you which fields arrive and then it should be possible to map them. These fields are required because without them you cannot create a Joomla user or log the user in and start a session for that user.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 25
Accepted Answer Pending Moderation
Hi, Roland,



Yes, I have clicked Refresh on the list page. Actually, when I edit the IDP entry, I see the correct URL on the Authorization page – just not on the main Identity
Provider Profiles list under Metadata URL. But I think maybe that is correct after all – the list page is pointing to the local XML on the Joomla! site for this IDP, not the XML file manually uploaded



Once I get the fields from the IDP, what fields would I map them to in your extension?



Regards,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Friday, August 21, 2020 1:38 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 26
Accepted Answer Pending Moderation
Hello Eddie,

Once I get the fields from the IDP, what fields would I map them to in your extension?

Just copy-pasting my previous answer.
The profile fields tab is where you map the Joomla fields to whatever fields you receive from the IDP. So Joomla needs at least a username, name and email field. So you can enter those 3 fields and the fields you get from the Identity Provider should be given to you. That way RO SSO knows which field from your IDP belongs to username, name and email.

Let's say you get the field emailAddress in your payload, this would me mapped to email because Joomla knows the email field and not the emailAddress field.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 27
Accepted Answer Pending Moderation
Hi, Roland,



I mapped the fields in RO Single Sign-On > Identity Provider Profiles and finished configuring the extension, module, and plugin.




When I click the “Login” module on the front-end, I am directed to our university’s single-sign on page, but when I log on, I am then redirected to the wrong
URL.



The site I am testing this with is
https://webdev.sas.rutgers.edu/cms/sandbox39/ which is not accessible outside Rutgers.



After logging in, I am being redirected to:

https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps - this URL is missing the “cms/sandbox39/” portion of the URL.



Do you know how this can be fixed?



Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Saturday, August 22, 2020 5:19 AM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 28
Accepted Answer Pending Moderation
Hello Eddie,

The return URL is set in your metadata link/file. Although I am not sure where that is located on your setup you can check the folder libraries/simplesamlphp/metadata-generated and there is a file called saml20-sp-remote.php. This is an auto-generated file but you can check if that has the incorrect URL and change it. Once it is changed see if you read the new metadata file into the IDP if it works.

I have never run the Single Sign On in a subfolder so I am unfamiliar with how to fix this permanently. It looks like an issue with the underlying simpleSAMLphp library as that generates this file.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 29
Accepted Answer Pending Moderation
Hello, Roland,



I checked the file libraries/simplesamlphp/metadata-generated/saml20-sp-remote.php and it does not contain the return URL of

https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps - I am attaching the file.



Two more questions:



1)
On the Service Provider Configuration tab, these steps appear:

Read the metadata from the Identity Provider



Go to folder libraries\simplesamlphp\modules\metarefresh\bin'
Import the metadata using the command 'php metarefresh.php [URL to metadata file]'
For URL to metadata file, should I be entering the remote URL for the identity provider’s metadata file, or a local file – and if the latter, which one?



2)
When I created the front-end module, I also tried to create a module for back-end login, but did not see an option for “RO Single Sign On” in Extensions
> Modules > Administrator. Does your extension include a back-end Joomla! login module?

Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Monday, August 31, 2020 5:07 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 30
Accepted Answer Pending Moderation
Hello Eddie,

What is the content of the metadata URL you are using? That should tell the IDP where to connect to. I might be on the wrong track here as it could also be the payload simpleSAMLphp sends when the user is redirected to the IDP.

Read the metadata from the Identity Provider
That should no longer be necessary as you can us the refresh button from the Identity Provider list. This only works with the full URL, not a path on the server.

Does your extension include a back-end Joomla! login module?
It does not at this moment. The feature is on the roadmap but not yet build.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 31
Accepted Answer Pending Moderation
Hello, Roland,



I’m attaching the XML file provided by our identity provider. I will also check with them to see if something is amiss.



Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Tuesday, September 1, 2020 1:12 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
Attachments (1)
  1. more than a month ago
  2. Pre-sale questions
  3. # 32
Accepted Answer Pending Moderation
Hello Eddie,

The IDP XML is not of our concern I think because this just tells the SP (your site) where to send the user to for authorisation. Can you send me the XML file you are providing to the IDP?
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 33
Accepted Answer Pending Moderation
Hello, Roland,



Sorry , I misunderstood your question.



Below is the XML we are providing. I can see that the paths are wrong; they all begin with:



https://webdev.sas.rutgers.edu/libraries/simplesamlphp



when they should begin with



https://webdev.sas.rutgers.edu/cms/sandbox39/libraries/simplesamlphp



I think this may be because when I created the certificates, I entered “webdev.sas.rutgers.edu” as the hostname instead of “webdev.sas.rutgers.edu/cms/sandbox39”.



Should I recreate the certificates and send the updated metadata to our IDP?



Thanks,

Eddie



Metadata

You can get the metadata xml on a dedicated URL:

https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/metadata.php/test-idps

SAML Metadata

In SAML 2.0 Metadata XML format:

<?xml version="1.0"?> <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/metadata.php/test-idps">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol"> <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIGjjCCBHagAwIBAgIBADANBgkqhkiG9w0BAQsFADCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwHhcNMjAwODE5MTczNzQwWhcNMzAwODE5MTczNzQwWjCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDugoglIB1TjB96O3K8IGvL8hnuWokneLAhqw6bCU+Jzg8dVnygaM5vC5Jb8pGiSdTzCPxsdPXkb4W3YZWOzP/CszRxktI1oPp7W9/Y38xJuK5iW5e7+M+ivb+TmPS7JA3FKOG23XydJ9I2W+yb/AQYlwoBc1T3jn8FCCDyTHU87/ha7bjdeRaN0xAWSy2D9as04t6ir1sU3qHcH4yOg40IvPsYFHtguBOhOuniJH1JSV0wdO5Kkc2uVxA7/gJh+EJpClMioG8HlDNFhWSoANxKyb8NbKMc/+HOVxSjtS3fvbGpt0XdvQCaqh4tGnOis7mU6RpPtM2HCIDt+6OyUtNf2VijUs4eAarV9ZOzUZozISsnSeMBKVEdKQMPowa8YBJVC15CvyyJOu1r7graO8Tyb6xjJ6JqzIYPaQh5vzLmTh9KCATcq1QaqjrVvHsToUl46su8EfrOucJyrap7D3nKO1hzXFlDgFhmXL6q62M21gMYSZrtXuaEr3Pp9vBtgv1yp2L2OihfNnxsiFoL4lJCZbgQf3ejpKPtnwJcHINDqjJb1N4bIf/xz53A96V2wSzcz7VjnO6PUdRyxTSKXI1hplW60oqDakV74OMYNjmgHBHRlTxkTifrFgC1ZlXLkpOem5HqRgJUKLW7F/oA/YCEO7HJt7qRgRtfldWxfIRivQIDAQABo1MwUTAdBgNVHQ4EFgQUZVrV1F4Tu4XIh2ege+TVR4c5hGEwHwYDVR0jBBgwFoAUZVrV1F4Tu4XIh2ege+TVR4c5hGEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAiRskhUIq5hbOdH9txfTnfV+nSuy1j+DlgwZybNi5k9YPlAmc2SiJXZWePPo9PRxmqdUEjIcFnlsZRu6vMS7+kIAOF7Yhlc2zfikab52DKrdE4TyOILe+pKQ+j97NjJXe/9E4ecfvzrvSbnYECKmJUiUv/Ncvb+3fVf9fpOEaoiokJBDMGvfGhGf6apuAlUo/+n6TsB8KzngJrxyJcVN3h7LdMyDeNaDNxF6Gjc/hLoYo1c2vr+JUU8SBKS0f/y/uhTFBUEkeSs0JC5iW4L3quWACbYv20OXWddmjJJ/4cJjQgL2dUmzXbhJm2uext44g48KHRacvLtJ7YWhhVXCy+dudHMjDXEKhyDdY5qq7HMQml+x3yHN/PstfyzL6k1wfvSZ4RqSEuPJ/s4pVcx8GVM05N6MmEQlwrbFLxYH/TrmWKiFwaSAcr9/BvGE8H8peDMKSsGnt62sDbX28NboqBoNo7M05tMiCiOFRFWGQcE6GeUYI7pRq4runokCNwFvct9zjXrp5z/W6umjtPxJtQfoBuq0l9v4GwLT6Qq7QJndi/F0pX08vpSNWWlHDrBAK58+f0rvPLFmtrBjfhcCFwSzJKSTxjOTRGknXn6aZQCl5ZnHxPJg5bm6MN89++1SHI5k1tnyvsZExOfTxjvyAC6I02rIPh8ONJrJVoB3TpCM=</ds:X509Certificate>
</ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>MIIGjjCCBHagAwIBAgIBADANBgkqhkiG9w0BAQsFADCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwHhcNMjAwODE5MTczNzQwWhcNMzAwODE5MTczNzQwWjCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDugoglIB1TjB96O3K8IGvL8hnuWokneLAhqw6bCU+Jzg8dVnygaM5vC5Jb8pGiSdTzCPxsdPXkb4W3YZWOzP/CszRxktI1oPp7W9/Y38xJuK5iW5e7+M+ivb+TmPS7JA3FKOG23XydJ9I2W+yb/AQYlwoBc1T3jn8FCCDyTHU87/ha7bjdeRaN0xAWSy2D9as04t6ir1sU3qHcH4yOg40IvPsYFHtguBOhOuniJH1JSV0wdO5Kkc2uVxA7/gJh+EJpClMioG8HlDNFhWSoANxKyb8NbKMc/+HOVxSjtS3fvbGpt0XdvQCaqh4tGnOis7mU6RpPtM2HCIDt+6OyUtNf2VijUs4eAarV9ZOzUZozISsnSeMBKVEdKQMPowa8YBJVC15CvyyJOu1r7graO8Tyb6xjJ6JqzIYPaQh5vzLmTh9KCATcq1QaqjrVvHsToUl46su8EfrOucJyrap7D3nKO1hzXFlDgFhmXL6q62M21gMYSZrtXuaEr3Pp9vBtgv1yp2L2OihfNnxsiFoL4lJCZbgQf3ejpKPtnwJcHINDqjJb1N4bIf/xz53A96V2wSzcz7VjnO6PUdRyxTSKXI1hplW60oqDakV74OMYNjmgHBHRlTxkTifrFgC1ZlXLkpOem5HqRgJUKLW7F/oA/YCEO7HJt7qRgRtfldWxfIRivQIDAQABo1MwUTAdBgNVHQ4EFgQUZVrV1F4Tu4XIh2ege+TVR4c5hGEwHwYDVR0jBBgwFoAUZVrV1F4Tu4XIh2ege+TVR4c5hGEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAiRskhUIq5hbOdH9txfTnfV+nSuy1j+DlgwZybNi5k9YPlAmc2SiJXZWePPo9PRxmqdUEjIcFnlsZRu6vMS7+kIAOF7Yhlc2zfikab52DKrdE4TyOILe+pKQ+j97NjJXe/9E4ecfvzrvSbnYECKmJUiUv/Ncvb+3fVf9fpOEaoiokJBDMGvfGhGf6apuAlUo/+n6TsB8KzngJrxyJcVN3h7LdMyDeNaDNxF6Gjc/hLoYo1c2vr+JUU8SBKS0f/y/uhTFBUEkeSs0JC5iW4L3quWACbYv20OXWddmjJJ/4cJjQgL2dUmzXbhJm2uext44g48KHRacvLtJ7YWhhVXCy+dudHMjDXEKhyDdY5qq7HMQml+x3yHN/PstfyzL6k1wfvSZ4RqSEuPJ/s4pVcx8GVM05N6MmEQlwrbFLxYH/TrmWKiFwaSAcr9/BvGE8H8peDMKSsGnt62sDbX28NboqBoNo7M05tMiCiOFRFWGQcE6GeUYI7pRq4runokCNwFvct9zjXrp5z/W6umjtPxJtQfoBuq0l9v4GwLT6Qq7QJndi/F0pX08vpSNWWlHDrBAK58+f0rvPLFmtrBjfhcCFwSzJKSTxjOTRGknXn6aZQCl5ZnHxPJg5bm6MN89++1SHI5k1tnyvsZExOfTxjvyAC6I02rIPh8ONJrJVoB3TpCM=</ds:X509Certificate>
</ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps"/> <md:SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps"/> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps"
index="0"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml1-acs.php/test-idps" index="1"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps" index="2"/> <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" Location="https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml1-acs.php/test-idps/artifact"
index="3"/> </md:SPSSODescriptor> <md:ContactPerson contactType="technical"> <md:GivenName>Eddie</md:GivenName> <md:SurName>Konczal</md:SurName> <md:EmailAddress>konczal@sas.rutgers.edu</md:EmailAddress> </md:ContactPerson> </md:EntityDescriptor>


SimpleSAMLphp Metadata

Use this if you are using a SimpleSAMLphp entity on the other side:

$metadata['https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/metadata.php/test-idps'] = array ( 'SingleLogoutService' => array ( 0 => array ( 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps', ), 1 => array ( 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect', 'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps',
), 2 => array ( 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP', 'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-logout.php/test-idps', ), ), 'AssertionConsumerService' => array ( 0 => array ( 'index'
=> 0, 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST', 'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps', ), 1 => array ( 'index' => 1, 'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml1-acs.php/test-idps', ), 2 => array ( 'index' => 2, 'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact', 'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps',
), 3 => array ( 'index' => 3, 'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01', 'Location' => 'https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml1-acs.php/test-idps/artifact', ), ), 'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
'contacts' => array ( 0 => array ( 'emailAddress' => 'konczal@sas.rutgers.edu', 'contactType' => 'technical', 'givenName' => 'Eddie', 'surName' => 'Konczal', ), ), 'certData' => 'MIIGjjCCBHagAwIBAgIBADANBgkqhkiG9w0BAQsFADCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwHhcNMjAwODE5MTczNzQwWhcNMzAwODE5MTczNzQwWjCB3zELMAkGA1UEBhMCVVMxEzARBgNVBAgMCk5ldyBKZXJzZXkxFjAUBgNVBAcMDU5ldyBCcnVuc3dpY2sxNDAyBgNVBAoMK1J1dGdlcnMsIFRoZSBTdGF0ZSBVbml2ZXJzaXR5IG9mIE5ldyBKZXJzZXkxJDAiBgNVBAsMG1NjaG9vbCBvZiBBcnRzIGFuZCBTY2llbmNlczEfMB0GA1UEAwwWd2ViZGV2LnNhcy5ydXRnZXJzLmVkdTEmMCQGCSqGSIb3DQEJARYXa29uY3phbEBzYXMucnV0Z2Vycy5lZHUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDugoglIB1TjB96O3K8IGvL8hnuWokneLAhqw6bCU+Jzg8dVnygaM5vC5Jb8pGiSdTzCPxsdPXkb4W3YZWOzP/CszRxktI1oPp7W9/Y38xJuK5iW5e7+M+ivb+TmPS7JA3FKOG23XydJ9I2W+yb/AQYlwoBc1T3jn8FCCDyTHU87/ha7bjdeRaN0xAWSy2D9as04t6ir1sU3qHcH4yOg40IvPsYFHtguBOhOuniJH1JSV0wdO5Kkc2uVxA7/gJh+EJpClMioG8HlDNFhWSoANxKyb8NbKMc/+HOVxSjtS3fvbGpt0XdvQCaqh4tGnOis7mU6RpPtM2HCIDt+6OyUtNf2VijUs4eAarV9ZOzUZozISsnSeMBKVEdKQMPowa8YBJVC15CvyyJOu1r7graO8Tyb6xjJ6JqzIYPaQh5vzLmTh9KCATcq1QaqjrVvHsToUl46su8EfrOucJyrap7D3nKO1hzXFlDgFhmXL6q62M21gMYSZrtXuaEr3Pp9vBtgv1yp2L2OihfNnxsiFoL4lJCZbgQf3ejpKPtnwJcHINDqjJb1N4bIf/xz53A96V2wSzcz7VjnO6PUdRyxTSKXI1hplW60oqDakV74OMYNjmgHBHRlTxkTifrFgC1ZlXLkpOem5HqRgJUKLW7F/oA/YCEO7HJt7qRgRtfldWxfIRivQIDAQABo1MwUTAdBgNVHQ4EFgQUZVrV1F4Tu4XIh2ege+TVR4c5hGEwHwYDVR0jBBgwFoAUZVrV1F4Tu4XIh2ege+TVR4c5hGEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAiRskhUIq5hbOdH9txfTnfV+nSuy1j+DlgwZybNi5k9YPlAmc2SiJXZWePPo9PRxmqdUEjIcFnlsZRu6vMS7+kIAOF7Yhlc2zfikab52DKrdE4TyOILe+pKQ+j97NjJXe/9E4ecfvzrvSbnYECKmJUiUv/Ncvb+3fVf9fpOEaoiokJBDMGvfGhGf6apuAlUo/+n6TsB8KzngJrxyJcVN3h7LdMyDeNaDNxF6Gjc/hLoYo1c2vr+JUU8SBKS0f/y/uhTFBUEkeSs0JC5iW4L3quWACbYv20OXWddmjJJ/4cJjQgL2dUmzXbhJm2uext44g48KHRacvLtJ7YWhhVXCy+dudHMjDXEKhyDdY5qq7HMQml+x3yHN/PstfyzL6k1wfvSZ4RqSEuPJ/s4pVcx8GVM05N6MmEQlwrbFLxYH/TrmWKiFwaSAcr9/BvGE8H8peDMKSsGnt62sDbX28NboqBoNo7M05tMiCiOFRFWGQcE6GeUYI7pRq4runokCNwFvct9zjXrp5z/W6umjtPxJtQfoBuq0l9v4GwLT6Qq7QJndi/F0pX08vpSNWWlHDrBAK58+f0rvPLFmtrBjfhcCFwSzJKSTxjOTRGknXn6aZQCl5ZnHxPJg5bm6MN89++1SHI5k1tnyvsZExOfTxjvyAC6I02rIPh8ONJrJVoB3TpCM=',
);









From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Tuesday, September 1, 2020 3:38 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 34
Accepted Answer Pending Moderation
Hello Eddie,

I did a little digging and found this is related to the base URL path. If I remember correct, you did some testing with that, perhaps you need to tweak that some more and add the missing subfolders to it. Do you already have the subfolder structure set here? If not, add it and see if that helps.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 35
Accepted Answer Pending Moderation
Hi, Roland,



It is not possible to create the subfolder structure that is in the metadata profile – our web server is not set up that way.



In other words,

https://webdev.sas.rutgers.edu/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps is a path that does not exist.



Our test websites are in subdirectories of
https://webdev.sas.rutgers.edu/cms/ (not accessible outside Rutgers).



For example, the site I am working on has the URL
https://webdev.sas.rutgers.edu/cms/sandbox39/



The following URL does exist, and is probably where I should be getting returned to after logging on:



https://webdev.sas.rutgers.edu/cms/sandbox39/libraries/simplesamlphp/www/module.php/saml/sp/saml2-acs.php/test-idps



However, this URL does not show me the Joomla! front-end, but rather a page with the following information:



------start of page------





SimpleSAMLphpLogo



Afrikaans

Català

Čeština

Dansk

Deutsch

ελληνικά

English

Español

eesti keel

Euskara

Suomeksi

Français

עִבְרִית

Hrvatski

Magyar

Bahasa Indonesia

Italiano


日本語

Lëtzebuergesch

Lietuvių kalba

Latviešu

Nederlands

Nynorsk

Bokmål

Język polski

Português

Português brasileiro

Românește

русский язык

Sámegiella

Slovenščina

Srpski

Svenska

Türkçe

isiXhosa


简体中文


繁體中文

IsiZulu



No SAML response provided

You accessed the Assertion Consumer Service interface, but did not provide a SAML Authentication Response. Please note that this endpoint is not intended to be
accessed directly.



If you report this error, please also report this tracking number which makes it possible to locate your session in the logs available to the system administrator:



67cce55ca3



Debug information



The debug information below may be of interest to the administrator / help desk:



SimpleSAML\Error\Error: ACSPARAMS

Backtrace:

2 modules/saml/www/sp/saml2-acs.php:24 (require)

1 lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)

0 www/module.php:10 (N/A)

Caused by: Exception: Unable to find the current binding.

Backtrace:

3 vendor/simplesamlphp/saml2/src/SAML2/Binding.php:108 (SAML2\Binding::getCurrentBinding)

2 modules/saml/www/sp/saml2-acs.php:18 (require)

1 lib/SimpleSAML/Module.php:254 (SimpleSAML\Module::process)

0 www/module.php:10 (N/A)






Report errors



Optionally enter your email address, for the administrators to be able contact you for further questions about your issue:

E-mail address:



How to get help



This error probably is due to some unexpected behaviour or to misconfiguration of SimpleSAMLphp. Contact the administrator of this login service, and send them
the error message above.

© 2007-2020 SimpleSAMLphp

Small fish logo



------end of page------



Regards, Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Tuesday, September 1, 2020 4:34 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 36
Accepted Answer Pending Moderation
Additional: When is the back-end login module expected to be added to the extension?



Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Tuesday, September 1, 2020 4:34 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 37
Accepted Answer Pending Moderation
Hello Eddie,

If you put https://webdev.sas.rutgers.edu/cms/sandbox39/ as the Base Path URL, does it not work either? Today I ran across my notes and saw a remark that it does not work in subfolders. So I guess I ran into issues with the subfolder before. Let's see if you have the full path set.

The back-end login module is expected by the end of this year.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 38
Accepted Answer Pending Moderation
Hello Eddie,

This weekend I have been busy looking into this. The incorrect URLs you see are just incorrect on display. My extension never took into account you may be putting in a full URL and always assumed a relative path.

We can try something else too. In the folder sandbox39 we will create a symbolic link to the www folder by running this command from the sandbox39 folder:

ln -sfn libraries/simplesamlphp/www www


In your configuration you put https://webdev.sas.rutgers.edu/cms/sandbox39/www for the base URL path.

In the sandbox39 folder we add an .htaccess with the following content

RewriteEngine on
RewriteCond %{REQUEST_URI} !(.*)sandbox39
RewriteRule ^(.*)$ cms/sandbox39/www/$1 [L]


This should get you a metadata URL like https://webdev.sas.rutgers.edu/cms/sandbox39/www/module.php/saml/sp/metadata.php/XXX where XXX is the name set in the authsources.php.

That is how I think it should be working. It also depends where your VHOST points too. I am now guessing that sandbox39 is a subfolder of cms which is a subfolder of the root.
Kind regards,

RolandD

=========================
If you use our extensions, please post a rating and a review at the Joomla! Extension Directory
  1. more than a month ago
  2. Pre-sale questions
  3. # 39
Accepted Answer Pending Moderation
Hi, Roland,



I made these changes, but they did not fix the problem.



When I click the front-end login, I get:



Shibboleth Service - Unsupported Request
The application you have accessed is not registered for use with this service.






And in the back-end, the metadata URL is clearly incorrect:



https://webdev.sas.rutgers.edu/cms/sandbox39/https://webdev.sas.rutgers.edu/cms/sandbox39/www/module.php/saml/sp/metadata.php/test-idps



Thanks,

Eddie





From: RolandD Cyber Produksi <support@rolandd.com>


Sent: Monday, September 7, 2020 3:44 PM

To: Edward Konczal <konczal@sas.rutgers.edu>

Subject: [#63545]: Errors installing RO Single Signon (Reply)
  1. more than a month ago
  2. Pre-sale questions
  3. # 40
  • Page :
  • 1
  • 2
  • 3


There are no replies made for this post yet.
Be one of the first to reply to this post!
Edward Konczal
Submit Your Response
Upload files or images for this discussion by clicking on the upload button below. Supports gif,jpg,png,jpeg,zip,rar,pdf,csv,txt,tsv,xml,docx,doc,xls,xlsx,ods,tgz
• Insert • Remove Upload Files (Maximum File Size: 4 MB)
In this section you can provide your site details at here and it visible to the moderators only.