Can not view or download Service Provider Metadata #842

Open
DaS-hpolbb opened this issue Nov 7, 2024 · 6 comments

@DaS-hpolbb

What happened?

Our Moodle Version is 4.4.3
SAML2 auth_saml2 version 2024071101

When trying to display the service provider metadata (View Service Provider Metadata) we get the following error:

Website Administration > plugins (authentication) > SAML2
URL: https://moodle.example.de/auth/saml2/sp/metadata.php

ERROR: authsources['moodle.example.de']: Could not retrieve the required option 'description'.

Please provide as many of the following as applies:

  • stacktrace of the error
Stack trace: 
line 363 of /auth/saml2/.extlib/simplesamlphp/vendor/simplesamlphp/assert/src/Assert.php: SimpleSAML\Assert\AssertionFailedException thrown
line 381 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Assert\Assert::__callStatic()
line 900 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Configuration->getValue()
line 161 of /auth/saml2/locallib.php: call to SimpleSAML\Configuration->getArray()
line 51 of /auth/saml2/sp/metadata.php: call to auth_saml2_get_sp_metadata()
  • a dump of the error log with both moodle debugging on full and saml debugging on as well
    NGINX error.log
2024/11/07 13:15:44 [error] 973#973: *6597 FastCGI sent in stderr: "PHP message: Default exception handler: Fehler: authsources['moodle.example.de']: Could not retrieve the required option 'description'. Debug:
Error code: generalexceptionmessage
* line 363 of /auth/saml2/.extlib/simplesamlphp/vendor/simplesamlphp/assert/src/Assert.php: SimpleSAML\Assert\AssertionFailedException thrown
* line 381 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Assert\Assert::__callStatic()
* line 900 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Configuration->getValue()
* line 161 of /auth/saml2/locallib.php: call to SimpleSAML\Configuration->getArray()
* line 51 of /auth/saml2/sp/metadata.php: call to auth_saml2_get_sp_metadata()" while reading response header from upstream, client: x.x.x.x, server: moodle.example.de, request: "GET /auth/saml2/sp/metadata.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9081", host: "moodle.example.de", referrer: "https://moodle.example.de/admin/settings.php?section=authsettingsaml2"

The attempt to download the service provider metadata also ends in an error:

https://moodle.example.com/auth/saml2/sp/metadata.php?download=1

HTTP ERROR 404 > ERR_INVALID_RESPONSE

What you expected:

That we can see the service provider metadata.

@TimEberhardt

I can confirm this error. My SAML2 authentication was working before the upgrade to Moodle 4.4 and new version of this plugin.

@danmarsden
Member

@TimEberhardt please test the new MOODLE_404_STABLE branch here in GitHub which should fix this.

@TimEberhardt

TimEberhardt commented Dec 10, 2024

> @TimEberhardt please test the new MOODLE_404_STABLE branch here in GitHub which should fix this.

Hi @danmarsden
I already tried that branch, but the exact same error persists.

EDIT: tried again with fresh pull, but no change

@danmarsden
Member

@TimEberhardt if you're getting a 404 when trying to download the metadata - can you try hitting the "regenerate certificate" button on the auth_saml2 settings page? - does that generate an error or does it fix the 404 you get when trying to download the cert?

I wonder if you have accidentally deleted the cert in the moodledata folder during your upgrade?

@TimEberhardt

@danmarsden No, the correct (externally requested and signed) certificate is in the right location. As a test I just let Moodle generate a new one, which is working as expected. In the same data/saml2/ folder the XML file is also updated with the correct certificate information. But when I want to view or download the metadata (or want to log in using SSO) I get the same error described by @DaS-hpolbb. If I edit auth/saml2/locallib.php (lines 161 and 166) and manually set the description and nameFormat to any value, I can get the metadata. The script fails to get the description and NameFormat values.

@TimEberhardt

I just retested everything (now on Moodle version 4.4.5+ build 20250117 with saml2 on a freshly updated MOODLE_404_STABLE branch) but the error is the same. I tested recreating the certificate (replacing my original certified one), updated the IDP metadata, tried various test IDPs (completely replacing our real IDP), reset various settings back to default again... No luck!
Error is once again:

[20-Jan-2025 11:02:51 Europe/Berlin] Default exception handler: Exception - authsources['xxx.yyy.zzz.de']: Could not retrieve the required option 'description'. Debug: 
Error code: generalexceptionmessage
* line 398 of /auth/saml2/.extlib/simplesamlphp/vendor/simplesamlphp/assert/src/Assert.php: SimpleSAML\Assert\AssertionFailedException thrown
* line 404 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Assert\Assert::__callStatic()
* line 942 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Configuration->getValue()
* line 161 of /auth/saml2/locallib.php: call to SimpleSAML\Configuration->getArray()
* line 51 of /auth/saml2/sp/metadata.php: call to auth_saml2_get_sp_metadata()

And if I remove line 161-164 from locallib.php (description attr) just for testing, it complains about the NameFormat value:

[20-Jan-2025 11:21:12 Europe/Berlin] Default exception handler: Exception - authsources['xxx.yyy.zzz.de']: Could not retrieve the required option 'attributes.NameFormat'. Debug: 
Error code: generalexceptionmessage
* line 398 of /auth/saml2/.extlib/simplesamlphp/vendor/simplesamlphp/assert/src/Assert.php: SimpleSAML\Assert\AssertionFailedException thrown
* line 404 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Assert\Assert::__callStatic()
* line 693 of /auth/saml2/.extlib/simplesamlphp/src/SimpleSAML/Configuration.php: call to SimpleSAML\Configuration->getValue()
* line 166 of /auth/saml2/locallib.php: call to SimpleSAML\Configuration->getString()
* line 51 of /auth/saml2/sp/metadata.php: call to auth_saml2_get_sp_metadata()

If I remove the line of code which tries to get this NameFormat attribute from locallib.php too, then I can get my SP metadata, but with these values missing. No clue what's wrong there.
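
The failure mode reported in this thread can be reproduced outside Moodle with a small script, shown here as an added example that is not code from auth_saml2 or from any participant. It assumes the SimpleSAMLphp 2.x copy bundled under `auth/saml2/.extlib/` (the autoloader path and the authsource array are constructed for illustration) and contrasts the required getters named in the stack traces with their optional counterparts.

```php
<?php
declare(strict_types=1);

// Assumption: run from the Moodle root, using the Composer autoloader of the
// SimpleSAMLphp copy that the stack traces show under auth/saml2/.extlib/.
require __DIR__ . '/auth/saml2/.extlib/simplesamlphp/vendor/autoload.php';

use SimpleSAML\Configuration;

// Constructed authsource that lacks both options the thread reports as missing.
$authsource = [
    'saml:SP',
    'entityID' => 'https://moodle.example.de/auth/saml2/sp/metadata.php',
];

// The second argument is the location string that prefixes error messages.
$cfg = Configuration::loadFromArray($authsource, "authsources['moodle.example.de']");

/**
 * Run one lookup and report either its value or the exception it raised,
 * so a missing required option does not abort the remaining checks.
 */
function lookup(callable $getter): string
{
    try {
        return 'value: ' . var_export($getter(), true);
    } catch (\Throwable $e) {
        return get_class($e) . ': ' . $e->getMessage();
    }
}

$checks = [
    // Required getters: the calls seen at locallib.php lines 161 and 166.
    'getArray(description)'         => fn() => $cfg->getArray('description'),
    'getString(NameFormat)'         => fn() => $cfg->getString('attributes.NameFormat'),
    // Optional getters: return the supplied default when the key is absent.
    'getOptionalArray(description)' => fn() => $cfg->getOptionalArray('description', null),
    'getOptionalString(NameFormat)' => fn() => $cfg->getOptionalString('attributes.NameFormat', null),
    // Presence test that never throws.
    'hasValue(description)'         => fn() => $cfg->hasValue('description'),
];

foreach ($checks as $label => $getter) {
    printf("%-32s %s\n", $label, lookup($getter));
}
```

Replacing the constructed array with the authsource the plugin actually builds shows which of the two keys is absent before the metadata page is requested.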
