Hello all,
Here are the steps for setting up SSO on the OPDK version of the developer portal. These steps have been adapted from @gkoli@apigee.com.
location ^~ /simplesaml {
    index index.php index.html index.htm;
    alias /opt/apigee/apigee-drupal/wwwroot/private/simplesamlphp/www;
    location ~ ^(?<prefix>/simplesaml)(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
        include /opt/nginx/conf/fastcgi_params;
        fastcgi_pass 127.0.0.1:8888;
        fastcgi_param SCRIPT_FILENAME $document_root$phpfile;
        fastcgi_param PATH_INFO $pathinfo if_not_empty;
    }
}

if (php_sapi_name() == 'cli') {
    // Avoid drush and simplesamlphp conflicts.
    $conf['simplesamlphp_auth_activate'] = FALSE;
}
$conf['simplesamlphp_auth_installdir'] = '/opt/apigee/apigee-drupal/wwwroot/private/simplesamlphp';

include '/opt/apigee/apigee-drupal/wwwroot/sites/default/settings.php';
$host = $_SERVER['HTTP_HOST'];
$db = $databases['default']['default'];

'baseurlpath' => 'https://' . $host . '/simplesaml/',

'store.sql.dsn' => 'pgsql:host=' . $db['host'] . ';port=5432;dbname=' . $db['database'],

'store.sql.username' => $db['username'],
'store.sql.password' => $db['password'],
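Added example, not part of the original post: the config.php lines above build baseurlpath from $_SERVER['HTTP_HOST'], a value the client sends, and SimpleSAMLphp uses baseurlpath when generating its own URLs. One way to pin it to known portal names, assuming PHP 7 or later; portal_base_host() and PORTAL_HOSTS are hypothetical names and the hostnames are constructed placeholders.

```php
<?php
// Added example, not code from the original post.
// PORTAL_HOSTS holds constructed placeholder names; list the real portal host(s) here.
const PORTAL_HOSTS = ['portal.example.com', 'portal.example.com:8443'];

/**
 * Return the request's Host header only if it is on the allowlist;
 * otherwise return the first (canonical) allowlisted host.
 * Hypothetical helper, not part of SimpleSAMLphp or Drupal.
 */
function portal_base_host(array $server, array $allowed): string
{
    $host = strtolower(trim((string) ($server['HTTP_HOST'] ?? '')));

    // Accept only a plain host[:port]; no scheme, path, userinfo or whitespace.
    if (!preg_match('/\A[a-z0-9.-]+(:\d{1,5})?\z/', $host)) {
        return $allowed[0];
    }
    // Strict comparison against the known names.
    return in_array($host, $allowed, true) ? $host : $allowed[0];
}

// In config.php this would replace the line: $host = $_SERVER['HTTP_HOST'];
//   $host = portal_base_host($_SERVER, PORTAL_HOSTS);

// Constructed sample requests showing the baseurlpath each one produces.
$samples = [
    ['HTTP_HOST' => 'portal.example.com'],
    ['HTTP_HOST' => 'PORTAL.EXAMPLE.COM:8443'],
    ['HTTP_HOST' => 'unexpected.example.net'],
    ['HTTP_HOST' => 'portal.example.com/@other'],
    [], // request with no Host header at all
];
foreach ($samples as $server) {
    $host = portal_base_host($server, PORTAL_HOSTS);
    printf("%-28s => https://%s/simplesaml/\n", $server['HTTP_HOST'] ?? '(none)', $host);
}
```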
A couple of notes after following this excellent doc:
Thanks for the share Karl, Appreciate it
Hi,
We are configuring simple saml with nginx and followed the steps mentioned until 18. When trying to perform step #19.1, we are getting an error.
Error: SimpleSAML\Error\NotFound: The requested page 'http://ip:8079/simplesaml/module.php/core/frontpage_welcome.php' could not be found. The module 'le.php' was either not found, or wasn't enabled.
module.php,index.php location: /apps/apigee/apigee-drupal/wwwroot/private/simplesamlphp/www
frontpage_welcome.php location: /apps/apigee/apigee-drupal/wwwroot/private/simplesamlphp/modules/core/www
"<saml_root>/config/config.php" : 'baseurlpath' => 'http://<ip>:8079/simplesaml/'
Please let me know if you need any more details.
Thanks.
@kengilbert, @Karl Scheirer, I have followed the document step-by-step, but I got stuck at step no. 20, where the simplesaml UI page needs to be accessed.
Whenever I am trying to access the page https://portalhost:port/simplesaml
It redirected to : https://portalhost:port/simplesaml/module.php/core/frontpage_welcome.php
and gives the below error:
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: PDOException: SQLSTATE[42704]: Undefined object: 7 ERROR: type "simplesamlphp_kvstore_expire" does not exist
LINE 1: ALTER TABLE SimpleSAMLphp_kvstore ADD INDEX SimpleSAMLphp_kv...
And on refreshing the page, it keeps on giving a constant but different error:
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: PDOException: SQLSTATE[42P07]: Duplicate table: 7 ERROR: relation "simplesamlphp_kvstore" already exists
Backtrace:
When I check in the backend postgres database (devportal), the below tables related to simplesaml exist:
public | simplesamlphp_kvstore | table | drupaladmin
public | simplesamlphp_tableversion | table | drupaladmin
I haven't seen this error before, but it seems like a problem with creating tables/indexes in pgsql. Can you verify that the user specified by store.sql.username is able to add an index to a table?
@Karl Scheirer, the issue got resolved when I used the older version of SimpleSAMLphp, i.e. SimpleSAMLphp 1.16.1.
Also, I have to use version 7.x-2.0-alpha2 instead of the latest version 7.x-3.x-dev of the simplesamlphp_auth module for Drupal 7.
Now, users can authenticate with SSO, but I am not able to automate the role population.
Even though I am passing the correct details.
2:memberOf,~=,<My IDP Administrator Group>
The above issue got fixed when I used 2:memberOf,=,<My IDP Administrator Group> and, in my IDP config, I added a SAML attribute memberOf mapped to AD/LDAP CN extraction (multi-value output).
Where is the certificate for SAML signature verification stored?