This question about Authentication or Authorisation: Asked

Set Up for SAML Authentication

I have installed the SAML extension and configured it as best I can determine (it is very cryptic); configuration below.

The problem is when the SAML Assertion posts back, not when the SP Redirect is initiated. The SP Init request seems to process correctly; I am hoping that that is validating all my settings properly.

==> error.log <==
| 2021-06-19T19:57:24-06:00 warning | verify: unable to get local issuer certificate at /usr/local/share/perl/5.24.1/Net/SAML2/Binding/POST.pm line 37.
at /usr/local/share/perl/5.24.1/Net/SAML2/Binding/POST.pm line 37.
Net::SAML2::Binding::POST::handle_response(Net::SAML2::Binding::POST=HASH(0x55b2e306e788), "PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0\x{d}"...) called at /var/www/foswiki/lib/Foswiki/LoginManager/SamlLogin.pm line 380
Foswiki::LoginManager::SamlLogin::samlCallback(Foswiki::LoginManager::SamlLogin=HASH(0x55b2e421f680), "PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0\x{d}"..., Foswiki::Request=HASH(0x55b2e38d08b8), Foswiki=HASH(0x55b2e2858f50)) called at /var/www/foswiki/lib/Foswiki/LoginManager/SamlLogin.pm line 517
Foswiki::LoginManager::SamlLogin::login(Foswiki::LoginManager::SamlLogin=HASH(0x55b2e421f680), Foswiki::Request=HASH(0x55b2e38d08b8), Foswiki=HASH(0x55b2e2858f50)) called at /var/www/foswiki/lib/Foswiki/UI.pm line 534
Foswiki::UI::logon(Foswiki=HASH(0x55b2e2858f50)) called at /var/www/foswiki/lib/Foswiki/UI.pm line 374
Foswiki::UI::__ANON__() called at /usr/share/perl5/Error.pm line 421
eval {...} called at /usr/share/perl5/Error.pm line 413
Error::subs::try(CODE(0x55b2e2549ab0), HASH(0x55b2e2858968)) called at /var/www/foswiki/lib/Foswiki/UI.pm line 500
Foswiki::UI::_execute(Foswiki::Request=HASH(0x55b2e38d08b8), CODE(0x55b2e38d0e10), "sessionRequired", 1, "logon", 1, "login", 1) called at /var/www/foswiki/lib/Foswiki/UI.pm line 326
Foswiki::UI::handleRequest(Foswiki::Request=HASH(0x55b2e38d08b8)) called at /var/www/foswiki/lib/Foswiki/Engine/CGI.pm line 100
Foswiki::Engine::CGI::run(Foswiki::Engine::CGI=HASH(0x55b2e312f1c8)) called at /var/www/foswiki/bin/login line 31.

My configuration

{Saml}{metadata}:

This is a URL to the metadata file from the IDP that I have uploaded into my wiki.

IDP Metadata URI:

This is the Issuer URL that the IDP sends in the SAML Assertion.

Service Provider Name:

Entered "FosWiki".

Request Signing Certificate File: / Request Signing Key File:

For this and the next one (key) I used openssl to generate the key and sign the certificate. Both files are saved on my system, and file permissions have been verified so that the Apache service can read the files.

/var/www/foswiki/SAML/sp_cert.pem

/var/www/foswiki/SAML/sp_key.pem

Identity Provider CA Cert File:

/var/www/foswiki/SAML/onelogin.pem

-- KevinCreason - 20 Jun 2021
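
The `unable to get local issuer certificate` text in the log is OpenSSL's error for a certificate whose issuer is not found among the trusted CA certificates. As an added example (not from the original post and not code from SamlLoginContrib or Net::SAML2), this shell sketch extracts every certificate published in the IdP metadata and checks each one against the file given as Identity Provider CA Cert File; the script name and its two arguments are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch; not part of SamlLoginContrib or Net::SAML2.

# Print every <X509Certificate> body in an IdP metadata file as a PEM block.
metadata_certs_to_pem() {   # $1 = metadata XML
    tr -d '\r\n' < "$1" |
    grep -o '<[A-Za-z0-9:]*X509Certificate>[^<]*' |
    sed 's/^<[^>]*>//' |
    while read -r b64; do
        echo "-----BEGIN CERTIFICATE-----"
        # Drop indentation left inside the element, re-wrap at 64 columns.
        printf '%s\n' "$b64" | tr -d ' \t' | fold -w 64
        echo "-----END CERTIFICATE-----"
    done
}

# Check each metadata certificate against the CA file. Returns 0 only if
# every certificate verifies; 1 on a verification failure; 2 if none found.
check_metadata_against_ca() {   # $1 = metadata XML, $2 = CA file (PEM)
    work=$(mktemp -d) || return 2
    metadata_certs_to_pem "$1" |
        awk -v d="$work" '/BEGIN CERT/ { n++ } { print > (d "/cert" n ".pem") }'
    rc=0
    for pem in "$work"/cert*.pem; do
        [ -f "$pem" ] || { echo "no certificate in $1" >&2; rc=2; break; }
        # Subject and issuer show which CA the file must contain.
        openssl x509 -in "$pem" -noout -subject -issuer || rc=1
        openssl verify -CAfile "$2" "$pem" || rc=1
    done
    rm -rf "$work"
    return "$rc"
}

# Usage (hypothetical script name): sh check_idp_cert.sh <idp-metadata.xml> <idp-ca.pem>
if [ "$#" -eq 2 ]; then
    check_metadata_against_ca "$1" "$2"
fi
```

If a certificate fails, the printed issuer line names the CA certificate that the CA file would have to contain for the chain to verify.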

QuestionForm

Subject Authentication or Authorisation
Extension SamlLoginContrib
Version Foswiki 2.1.6
Status Asked
Related Topics
Topic revision: r1 - 20 Jun 2021, KevinCreason