simpleSAMLphp: Unable to find the current binding - php

I am the SP. I cannot log in to the SP using the IdP of my client;
I got the error below:
SimpleSAML_Error_Error: ACSPARAMS
Backtrace:
1 modules/saml/www/sp/saml2-acs.php:21 (require)
0 www/module.php:135 (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 vendor/simplesamlphp/saml2/src/SAML2/Binding.php:99 (SAML2\Binding::getCurrentBinding)
1 modules/saml/www/sp/saml2-acs.php:16 (require)
0 www/module.php:135 (N/A)
My Configuration for authsource.php is like below:
'abc-live-sp' => array(
    'saml:SP',
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
    'entityID' => null,
    'idp' => 'https://federation-a.parnassiagroep.nl/superbrains',
    'discoURL' => null,
    'NameIDPolicy' => false,
),
Is there anything I am missing?
Help will be appreciated.
The exception trace is as below.

In config.php, allow HTTP POST requests. This worked for me.
'enable.http_post' => true,
In addition, I restricted ACS URL binding to HTTP-POST. This may not be necessary.
'acs.Bindings' => array('urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'),
I still don't know why the ACS URL and other URLs in the metadata are coming as HTTP links; all the links in the config files are HTTPS.
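The exception in this thread is raised when the request reaching the ACS endpoint matches none of the SAML 2.0 bindings. The sketch below is an added example, not SimpleSAMLphp code: the function names are hypothetical and the classification rules are an assumption modelled on the binding definitions (form-POSTed `SAMLResponse`, query-string `SAMLResponse`, `SAMLart`, SOAP over `text/xml`).

```php
<?php
// Added diagnostic sketch (not SimpleSAMLphp's implementation).
const BINDING_POST     = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
const BINDING_REDIRECT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect';
const BINDING_ARTIFACT = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact';
const BINDING_SOAP     = 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP';

/** Returns the binding URN a request corresponds to, or null when none matches. */
function classifyBinding(string $method, array $get, array $post, string $contentType = ''): ?string
{
    $hasMessage = fn(array $p): bool => isset($p['SAMLRequest']) || isset($p['SAMLResponse']);
    $mediaType  = strtolower(trim(explode(';', $contentType)[0]));

    if ($method === 'GET') {
        if ($hasMessage($get)) return BINDING_REDIRECT;
        if (isset($get['SAMLart'])) return BINDING_ARTIFACT;
    } elseif ($method === 'POST') {
        if ($hasMessage($post)) return BINDING_POST;
        if (isset($post['SAMLart'])) return BINDING_ARTIFACT;
        if ($mediaType === 'text/xml') return BINDING_SOAP;
    }
    return null; // nothing for the ACS endpoint to parse
}

/** True when the detected binding is in the SP's allowed list (cf. acs.Bindings). */
function acsAccepts(?string $binding, array $allowed): bool
{
    return $binding !== null && in_array($binding, $allowed, true);
}

// Constructed sample requests (not captured traffic).
$form = 'application/x-www-form-urlencoded';
$samples = [
    'IdP form POST'          => ['POST', [], ['SAMLResponse' => 'PHNhbWxwOlJlc3BvbnNlLz4='], $form],
    'Response in query'      => ['GET', ['SAMLResponse' => 'constructed-value'], [], ''],
    // A POST sent to the http:// ACS URL and redirected to https:// arrives as a bare GET.
    'GET without SAML param' => ['GET', [], [], ''],
    'POST with empty body'   => ['POST', [], [], $form],
];
$allowed = [BINDING_POST]; // same restriction as the acs.Bindings line in the answer

foreach ($samples as $label => [$method, $get, $post, $ctype]) {
    $binding = classifyBinding($method, $get, $post, $ctype);
    $verdict = acsAccepts($binding, $allowed) ? 'accept' : 'reject';
    printf("%-24s %-7s %s\n", $label, $verdict, $binding ?? 'no binding found');
}
```

Comparing the web server's access log entry for the ACS URL (method, scheme, body length) against these cases shows which one the IdP's response fell into.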

Did you set up the Identity Provider in your "metadata/saml20-idp-remote.php" file?
It's been a while since I used simplesamlphp but I'm pretty sure you would need to have the Identity Provider (IdP) administrator add you as an "accepted" Service Provider (SP). This is done by sharing your metadata with them.
There is a very handy guide by UNINETT, the creators of simplesamlphp here:
https://simplesamlphp.org/docs/stable/simplesamlphp-sp
Someone also had a similar issue:
Simplesamlphp unhandled exception error while using as SP

Related

Getting error The redirect URI is not registered properly with DocuSign when I followed their tutorial

I'm using Windows and XAMPP, and I'm fairly new to integrating DocuSign. I watched this tutorial from DocuSign using PHP; however, since the tutorial is using a Mac, I'm getting confused about how to set up this tutorial on my XAMPP and Windows, and the result is I'm getting the error:
The redirect URI is not registered properly with DocuSign
Here is how I did my setup
1.) Clone the repository and place it on my xamp/htdocs/eg-something-something
2.) Rename the ugly repository name to xamp/htdocs/docusign/
3.) Run composer install to get the dependencies
4.) I configured my ds_config.php and here is my code... I removed credentials for security purposes
<?php
// ds_config.py
//
// DocuSign configuration settings
$DS_CONFIG = [
    'ds_client_id' => 'xxxx', # The app's DocuSign integration key
    'ds_client_secret' => 'xxx', # The app's DocuSign integration key's secret
    'signer_email' => 'xxx#gmail.com',
    'signer_name' => 'Michael',
    'app_url' => 'http://localhost/docusign/public', // The url of the application.
    // Ie, the user enters app_url in their browser to bring up the app's home page
    // Eg http://localhost/eg-03-php-auth-code-grant/public if the app is installed in a
    // development directory that is accessible via web server.
    // NOTE => You must add a Redirect URI of app_url/index.php?page=ds_callback to your Integration Key.
    'authorization_server' => 'https://account-d.docusign.com',
    'session_secret' => '{SESSION_SECRET}', // Secret for encrypting session cookie content
    'allow_silent_authentication' => true, // a user can be silently authenticated if they have an
    // active login session on another tab of the same browser
    'target_account_id' => false, // Set if you want a specific DocuSign AccountId, If false, the user's default account will be used.
    'demo_doc_path' => 'demo_documents',
    'doc_docx' => 'World_Wide_Corp_Battle_Plan_Trafalgar.docx',
    'doc_pdf' => 'World_Wide_Corp_lorem.pdf',
    // Payment gateway information is optional
    'gateway_account_id' => '{DS_PAYMENT_GATEWAY_ID}',
    'gateway_name' => "stripe",
    'gateway_display_name' => "Stripe",
    'github_example_url' => 'https://github.com/docusign/eg-03-php-auth-code-grant/tree/master/src/',
    'documentation' => false
];
$GLOBALS['DS_CONFIG'] = $DS_CONFIG;
5.) I log into my admin sandbox and use this as my redirect URI
http://localhost/docusign/public/index.php?page=ds_callback
The web app is running but I am having an error of "The redirect URI is not registered properly with DocuSign" when I click the login or just by authenticating.
Thanks for helping me on this issue.
Update part:
I tried adding http:// on the configuration of the integration key on sandbox, however, I'm getting a fatal error:
Fatal error: Uncaught GuzzleHttp\Exception\RequestException: cURL
error 77: error setting certificate verify locations: CAfile:
C:\xampp\apache\bin\curl-ca-bundle.crt CApath: none (see
http://curl.haxx.se/libcurl/c/libcurl-errors.html) in
C:\xampp\htdocs\docusign\vendor\guzzlehttp\guzzle\src\Handler\CurlFactory.php
on line 186
Once I tried to authenticate. Check this screenshot for the errors.
Try http://localhost/docusign/public/index.php?page=ds_callback as the redirect URL.
You need the complete URL including the http:// part.

Google authentication in laravel application - hybrid auth error

I am trying to add Google authentication to my Laravel application using Hybrid Auth.
Google auth configuration:
<?php
return array(
    "base_url" => "https://mywebsite.com/gauth/auth",
    "providers" => array(
        "Google" => array(
            "enabled" => true,
            "keys" => array(
                "id" => "myid.apps.googleusercontent.com",
                "secret" => "mysecret"
            ),
            "scope" => "https://www.googleapis.com/auth/userinfo.email "
        )
    )
);
The authentication worked fine in the http website. But when I added SSL/https to the site it is not working and I am getting the following error:
Exception in Auth.php line 169:
User profile request failed! Google returned an error: exception 'Exception' with message 'The Authorization Service has return: invalid_request' in /project/httpdocs/vendor/hybridauth/hybridauth/hybridauth/Hybrid/thirdparty/OAuth/OAuth2Client.php:84
What is the issue causing this error?
I think the error was due to the PHP version. The PHP version was higher than recommended by Hybrid Auth.
I used the Google PHP library and it worked fine.
https://developers.google.com/api-client-library/php/auth/web-app

endpoint not exist for Mailgun V3 issue with Yii2 extension

I am using the https://github.com/boundstate/yii2-mailgun
Yii2 extension for Mailgun and extending it in my wrapper class.
I configured it as shown in the documentation, in web.php:
'mailer' => [
    'class' => 'boundstate\mailgun\Mailer',
    'key' => 'key-85886fafb248373bd90a396', // valid key
    'domain' => 'sandbox5d98013abb1749fd94b68.mailgun.org', // valid domain
],
Now, when I use it like this:
Yii::$app->mailer->compose()
    ->setFrom('valid-email-address')
    ->setTo('valid-email-address')
    ->setSubject("test mail from mailgun api")
    ->send();
First, I got an issue with SSL on my localhost.
GuzzleHttp\Exception\RequestException
cURL error 60: SSL certificate problem: unable to get local issuer certificate
Caused by: GuzzleHttp\Ring\Exception\RingException
There is no configuration to set SSL => false through config, as we can do with the SendGrid extension.
I am also facing this error after this:
Mailgun\Connection\Exceptions\MissingEndpoint
The endpoint you've tried to access does not exist. Check your URL
In the Mailgun API, they are using "api.mailgun.net", although it throws this kind of error.
Is there any solution for these two issues?
Maybe you can first read these issues on GitHub: #130 and #175.
To solve your problem, you can manually add this line to your php.ini (based on a comment on those issues):
[curl]
; A default value for the CURLOPT_CAINFO option. This is required to be an
; absolute path.
curl.cainfo = "C:\php\extras\cacert.pem"
Or you can do it my way, by adding it manually with a Client adapter instance from Guzzle, like this. If you want to use SSL, you can set verify to false.
use Http\Adapter\Guzzle6\Client;
use Mailgun\Mailgun;

// Point Guzzle at an explicit CA bundle for certificate verification
$httpClient = Client::createWithConfig([
    'verify' => __DIR__ . '/../config/ca-cert.pem'
]);
$mailgun = new Mailgun(self::$apiKey, $httpClient);

WSO2 IS and simplesamlphp

I am trying to get the WSO2 Identity Server (4.0.0) to authenticate simplesamlphp (1.10.0) sessions.
The WSO2 IS host is running at https://sim2:9443/ (IdP server).
The simplesamlphp scripts are running at http://dellperf1/simplesaml/ (configured as SP).
Configuration
On the WSO2 end, I have configured an Issuer as follows:
wso2 IS Issuer Configuration
I have configured some users, both by using the "Add User" under configure -> User and Roles and by "Sign Up" function on the WSO2 IS homepage.
I have configured simplesamlphp as follows -
config/authsources.php
entityID matches "Issuer" in the WSO2 config - it's my company name, so I've obscured it.
// An authentication source which can authenticate against both SAML 2.0
// and Shibboleth 1.3 IdPs.
'default-sp' => array(
    'saml:SP',

    // The entity ID of this SP.
    // Can be NULL/unset, in which case an entity ID is generated based on the metadata URL.
    'entityID' => '$ISSUER HIDDEN',

    // The entity ID of the IdP this SP should contact.
    // Can be NULL/unset, in which case the user will be shown a list of available IdPs.
    // 'idp' => NULL,

    // The URL to the discovery service.
    // Can be NULL/unset, in which case a builtin discovery service will be used.
    // 'discoURL' => NULL,
    'privatekey' => 'saml.pem',
    'certificate' => 'saml.crt',
),
metadata/saml20-idp-remote.php
/*
 * $MY IdP
 */

$metadata['https://sim2.FQDN:9443'] = array(
    'name' => array(
        'en' => '$company IdP test server',
    ),
    'description' => 'WSO2 ID Server',
    'SingleSignOnService' => 'https://sim2:9443/samlsso',
    'SingleLogoutService' => 'https://sim2:9443/samlsso',
    //'certFingerprint' => '04b3b08bce004c27458b3e85b125273e67ef062b'
    'certFingerprint' => '6bf8e136eb36d4a56ea05c7ae4b9a45b63bf975d'

);
Whenever I visit http://dellperf1/simplesaml/ , select the Authentication tab -> Test Authentication sources -> default-sp and select "$company IdP test server", I am correctly redirected to the wso2 server and presented with the "SAML 2.0 based Single Sign-On" page.
This is where I hit problems. I don't seem to be able to authenticate using any user I have created, either using Add User, or Sign up.
I only get the following in the Carbon logs:
[2013-01-29 11:36:57,269] WARN {org.wso2.carbon.identity.sso.saml.processors.AuthnRequestProcessor} - Authentication Failure, invalid username or password.
The users are in the default profile, which has the following configured as roles: "identity,everyone".
If I try to log in using the (default) admin:admin password, I seem to be able to authenticate, but simplesamlphp throws an exception:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
0 /var/simplesamlphp/www/module.php:180 (N/A)
Caused by: Exception: Unable to find the current binding.
Backtrace:
2 /var/simplesamlphp/lib/SAML2/Binding.php:95 (SAML2_Binding::getCurrentBinding)
1 /var/simplesamlphp/modules/saml/www/sp/saml2-acs.php:11 (require)
0 /var/simplesamlphp/www/module.php:135 (N/A)
I think I am hitting two issues here:
1) The users I am creating are unable to be authenticated using SAML - whereas the admin user can be. Why might this be? Profiles or policy issues?
2) Even if I could authenticate with a user I have created, other than admin, would I get the same Binding backtrace?
I have seen some traffic on the wso mailing lists in December 2012 around the binding WSO2 IS supports - am I fighting a losing battle here?
If simplesamlphp and WSO2 IS won't currently play well together, can someone from the WSO2 crowd suggest a simple method for testing SAML-2.0 against their IS?
If a user cannot log in, it means that you have not configured login permission for that user. Please assign login permission to "everyrole" and check.
I guess one of my friends has tried the simplesamlphp integration with WSO2 Identity Server. Please find the blog post that he has written here [1]. I guess this would help you.
[1] http://blog.facilelogin.com/2013/06/wso2-identity-server-saml2-idp-with.html

Getting internal error with Response Status Code 0 on Amazon Marketplace API Requests

I've downloaded Amazon's Marketplace SDK and I'm trying out one of the samples in the samples dir. However, I'm getting an exception with the following details whenever I try it:
Caught Exception: Internal Error
Response Status Code: 0
Error Code:
Error Type:
Request ID:
XML: RequestId: , ResponseContext: , Timestamp:
ResponseHeaderMetadata:
I have got CURL enabled with SSL as well. What am I doing wrong?
This answer is for future reference. For in-depth troubleshooting, see comments on the question.
The empty response indicates a failed connection to the Amazon server. In this case, HTTP worked fine, but HTTPS did not. As turning off CURLOPT_SSL_VERIFYPEER in the cURL settings solved the issue, it appears that the Amazon server was not using a valid SSL certificate.
Having CURLOPT_SSL_VERIFYPEER turned on checks if the requested host has a valid certificate and lets cURL return false if it doesn't. When CURLOPT_SSL_VERIFYPEER is off, invalid certificates (e.g., self-signed) are accepted and return the regular response.
For future reference. In the new version of the SDK the options are referenced in the client.php as follows
private function getDefaultCurlOptions() {
    return array (
        CURLOPT_POST => true,
        CURLOPT_USERAGENT => $this->config['UserAgent'],
        CURLOPT_VERBOSE => true,
        CURLOPT_HEADERFUNCTION => array ($this, 'headerCallback'),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2
    );
}
setting
CURLOPT_SSL_VERIFYPEER => false,
did the trick in my case. As I am not a security expert, however, no recommendation from this point of view. At least it's working and you are probably not losing 1 whole day as I did.
I experienced a very similar connection issue with Amazon. It was the sample files bundled with the Amazon PHP API, which contain the following configuration array:
$config = array (
    'ServiceURL' => $serviceUrl,
    'ProxyHost' => null,
    'ProxyPort' => -1,
    'MaxErrorRetry' => 3,
);
and if this is copied over and not modified
'ProxyPort' => -1,
will result in an attempt to connect through a proxy port -1 which will of course fail (issue tracked by checking curl error). I hope this helps.
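For the cURL errors 60 and 77 quoted in the threads above, one way to keep `CURLOPT_SSL_VERIFYPEER` on is to hand cURL a CA bundle that has been checked before use. This is an added example, not code from the Amazon, Mailgun or DocuSign SDKs; the function names are hypothetical, the temp file stands in for a real bundle such as `cacert.pem`, and the curl extension is assumed to be loaded.

```php
<?php
// Added example: pre-flight check for the CA bundle, then verified cURL options.

/** Returns null when the bundle is usable, otherwise the reason it is not. */
function caBundleProblem(string $path): ?string
{
    if (!is_file($path))     return "not a file: $path";
    if (!is_readable($path)) return "not readable by the PHP process: $path";
    if (strpos(file_get_contents($path), '-----BEGIN CERTIFICATE-----') === false) {
        return "no PEM certificates in: $path";
    }
    return null;
}

/** cURL options that keep peer and host verification on with an explicit bundle. */
function verifiedCurlOptions(string $caBundle): array
{
    if (($why = caBundleProblem($caBundle)) !== null) {
        throw new InvalidArgumentException("CA bundle unusable ($why)");
    }
    return [
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_CAINFO         => $caBundle,
        CURLOPT_RETURNTRANSFER => true,
    ];
}

/** Maps the two cURL error numbers quoted on this page to what to check first. */
function explainCurlTlsError(int $errno): string
{
    switch ($errno) {
        case 60: return 'peer certificate failed verification: check that the bundle contains the issuing CA';
        case 77: return 'CA file could not be loaded: check the configured path and its permissions';
        default: return 'not one of the CA bundle errors covered here';
    }
}

// Constructed demo input: a temp file standing in for a downloaded CA bundle.
$bundle = tempnam(sys_get_temp_dir(), 'ca');
file_put_contents($bundle, "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n");

var_dump(caBundleProblem($bundle));               // state of the stand-in bundle
var_dump(caBundleProblem($bundle . '.missing'));  // the situation behind error 77
var_dump(verifiedCurlOptions($bundle)[CURLOPT_SSL_VERIFYPEER]);
echo explainCurlTlsError(77), "\n", explainCurlTlsError(60), "\n";
unlink($bundle);
```

The same bundle path can be given to Guzzle through its `verify` option or set globally with `curl.cainfo` in php.ini, as shown in the Mailgun answer.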
