1

I am trying to integrate simplesamlphp with Joomla, and I am getting the following error when I authenticate at the simplesamlphp IdP:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION

Backtrace:
1 www/_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: SimpleSAML\Error\Exception: Unable to load private key from file "/var/simplesamlphp/cert/saml.pem"
Backtrace:
14 lib/SimpleSAML/Utils/Crypto.php:220 (SimpleSAML\Utils\Crypto::loadPrivateKey)
13 modules/saml/lib/Message.php:34 (SimpleSAML\Module\saml\Message::addSign)
12 modules/saml/lib/IdP/SAML2.php:1094 (SimpleSAML\Module\saml\IdP\SAML2::buildAssertion)
11 modules/saml/lib/IdP/SAML2.php:54 (SimpleSAML\Module\saml\IdP\SAML2::sendResponse)
10 [builtin] (call_user_func)
9 lib/SimpleSAML/IdP.php:287 (SimpleSAML\IdP::postAuthProc)
8 lib/SimpleSAML/IdP.php:333 (SimpleSAML\IdP::postAuth)
7 [builtin] (call_user_func)
6 lib/SimpleSAML/Auth/Source.php:230 (SimpleSAML\Auth\Source::loginCompleted)
5 [builtin] (call_user_func)
4 lib/SimpleSAML/Auth/Source.php:145 (SimpleSAML\Auth\Source::completeAuth)
3 modules/core/lib/Auth/UserPassBase.php:298 (SimpleSAML\Module\core\Auth\UserPassBase::handleLogin)
2 modules/core/www/loginuserpass.php:83 (require)
1 lib/SimpleSAML/Module.php:236 (SimpleSAML\Module::process)
0 www/module.php:9 (N/A)

I have installed simplesamlphp and I have configured SP and ISP in the same simplesamlphp installation. Among the configuration steps, I created the files saml.pem and saml.crt in the cert directory as described in the documentation, using the command openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem while located in the /cert directory.

In joomla when executing the following code

require_once('/var/simplesamlphp/lib/_autoload.php');

$as = new SimpleSAML_Auth_Simple('default-sp');

$as->requireAuth(); // <-- 

$attributes = $as->getAttributes();

print_r($attributes);

die();

The simplesamlphp IdP form opens and requests the credentials; when it authorizes me, it sends me the error described above.

I welcome your comments

Mario
  • 2
    Does the web server user have permissions to read those files? – Kellen Murphy Sep 05 '19 at 00:51
  • 1
    Thanks for answering, Kellen. In fact that turned out to be the problem; I applied chmod 755 to the /cert directory and that solved the problem. – Mario Sep 05 '19 at 03:29
  • 1
    Please do not abandon this page. Please either retract your question, or find a duplicate that informs researchers about file permissions. You might like to join [joomla.se] Stack Exchange if you are doing Joomla development. – mickmackusa Sep 05 '19 at 08:34

2 Answers

0

The solution that worked for me was to go into the website/vendor/simplesamlphp/simplesamlphp/config/config.php file and adjust the directory from which the certs are read.

This is the very top of the file.

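$config = array(
    'baseurlpath' => 'http://website.localdev/',
    'certdir' => 'certs/',      // must match the directory that actually holds the key and certificate
    'loggingdir' => 'log/',
    'datadir' => 'data/',
    // ... remaining settings unchanged ...
);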

Initially this was set to cert/, and the directory I had created was certs/

dustbuster
0

The original permissions, when you follow the procedure, are the following:

-rw-r--r--  1 root root 1773 avril 27 21:13 saml.crt
-rw-------  1 root root 2484 avril 27 21:12 saml.pem

Which is NOT good, since the web server is running with uid/gid www-data/www-data.

You can fix it by giving the minimum permissions required, that is, allowing group read access to www-data:

$ sudo chown :www-data saml.pem
$ sudo chmod g+r saml.pem
JB.
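
The permission states discussed in the comments and answers above can be told apart with a small audit run before the IdP tries to sign. This is an added example, not part of the original posts or of SimpleSAMLphp. It assumes Linux with GNU stat and a group-based grant as in the last answer (ACLs and a key owned by the web server user are not considered); audit_key and perm_digits are hypothetical names.

```shell
#!/bin/sh
# Added example (constructed): audit a SimpleSAMLphp signing key's permissions.
# Assumes Linux with GNU stat; audit_key and perm_digits are hypothetical names.

# perm_digits PATH -> "<group name> <group digit> <other digit>"
perm_digits() {
    set -- $(stat -c '%G %a' "$1")
    m=$(printf '%04d' "$2")              # pad the octal mode: 640 -> 0640
    gd=${m#??}
    echo "$1 ${gd%?} ${m#???}"
}

# audit_key FILE GROUP
# returns 0 ok, 1 GROUP cannot read the key, 2 key exposed to all users, 3 missing
audit_key() {
    file=$1 want=$2
    if [ ! -f "$file" ]; then
        echo "missing: $file (compare with 'certdir' in config.php)"; return 3
    fi
    dir=$(dirname "$file")
    set -- $(perm_digits "$file"); fgrp=$1 fg=$2 fo=$3
    set -- $(perm_digits "$dir");  dgrp=$1 dg=$2 d_oth=$3

    if [ "$fo" -ne 0 ]; then
        echo "overexposed: every local user can access $file"; return 2
    fi
    # The directory needs the search (x) bit for the group or for "other".
    dir_ok=no
    if [ "$dgrp" = "$want" ] && [ $(($dg & 1)) -ne 0 ]; then dir_ok=yes; fi
    if [ $(($d_oth & 1)) -ne 0 ]; then dir_ok=yes; fi
    if [ "$dir_ok" = no ]; then
        echo "unreadable: group $want cannot traverse $dir"; return 1
    fi
    if [ "$fgrp" = "$want" ] && [ $(($fg & 4)) -ne 0 ]; then
        echo "ok: group $want can read $file, other users cannot"; return 0
    fi
    echo "unreadable: group $want has no read access to $file"; return 1
}

# Usage: audit_key /var/simplesamlphp/cert/saml.pem www-data
```

A key at mode 600 owned by root:root reports "unreadable" for www-data, which is the state behind the exception in the question; mode 644 reports "overexposed" even though the IdP would then work.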