5

My simplesaml was working perfectly until I upgraded Apache to 2.4.6 on Ubuntu

The error I was getting :

Forbidden

You don't have permission to access /simplesaml/ on this server.
Russell England
  • 9,436
  • 1
  • 27
  • 41

3 Answers3

8

The instructions for installing simplesamlphp on Apache only require an alias for the simplesamlphp directory :

https://simplesamlphp.org/docs/stable/simplesamlphp-install#section_6

But for Apache 2.4.6+ the security has changed - it worked for me when I added a Directory directive. eg:

<VirtualHost *:80>
    ServerName mywebsite.dev
    DocumentRoot /home/myuser/www/mywebsite/

    <Directory /home/myuser/www/mywebsite/>
        Require all granted
    </Directory>

    Alias /simplesaml /var/simplesamlphp/www

    <Directory /var/simplesamlphp/www/>
        Require all granted
    </Directory>

</VirtualHost>
Russell England
  • 9,436
  • 1
  • 27
  • 41
  • Have you resolved this problem. I am getting the same error on MAMP PRO. i change the owner and group of /var/simplesaml but didn't worked. I tried with 777 but didn't worked. – MutantMahesh May 26 '14 at 12:01
  • Yes the answer above is the resolution - you need to add the statement for require all granted – Russell England May 26 '14 at 13:31
1

While the chosen answer is correct I would like to add that SELinux can also cause this error. It took me a couple hours to realize that was my problem after following tons of examples online.

If you are running SELinux make sure you run the following command:

chcon -R --reference=/var/www /var/simplesamlphp

This will place the /var/simplesamlphp directory in the same security context as /var/www. You can't just place the /var/simplesamlphp/www directory in the same context because _include.php accesses files in /var/simplesamlphp/lib.

I hope this prevents someone from spending as much time on this problem as I did.

sud0
  • 537
  • 4
  • 18
1

If you installed simplesamlphp via compose, this can be more complex. In addition to @RusselEngland's answer of needing to add proper Apache config, if you are still getting a 403, you need to make sure that this file is not being prevented by a rule in .htaccess.

Apache config:

<VirtualHost *:80>
    DocumentRoot /var/www/html

    Alias /simplesaml /var/www/html/vendor/simplesamlphp/simplesamlphp/www

    <Directory /var/www/html/vendor/simplesamlphp/simplesamlphp/www/>
        Require all granted
    </Directory>
</VirtualHost>

.htaccess (in /var/www/html);

<IfModule mod_rewrite.c>
    #...
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
    RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
    RewriteCond %{REQUEST_URI} !^/simplesaml/*  # Add this condition
    RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
</IfModule>
Zags
  • 37,389
  • 14
  • 105
  • 140