Help setting up the XDMoD 10.0 Dashboard integrated in OOD 2.0.28 with Keycloak (SAML) Single Sign-On Authentication

I haven’t integrated with OOD yet; that’ll be my next step. Currently I am working on setting up SSO with XDMoD, following the documentation in the Open XDMoD - Single Sign On Guide.

The OnDemand panel won’t work if you can’t log into XDMOD successfully using SSO. The OnDemand panels rely on SSO between OnDemand and XDMOD.


I understand that, but we could have an XDMod instance without OOD, and integrate this instance with SSO. That’s the test I’m trying.


I got a return from Ryan from XDMoD support

A simple solution for a MySQL and MariaDB release condition
In my case, since I use MariaDB, I inserted `sql_mode=` at the end of the /etc/my.cnf.d/mariadb-server.cnf file.


It seems like I found the error.
It’s the SimpleSAMLphp certificate used to decrypt the messages sent by my IdP. I followed this link to set up the certs: SimpleSAMLphp Documentation. Could you check in your authsources.php whether 'certificate' and 'privatekey' point to the self-signed pair you created, if you followed the SimpleSAMLphp documentation?

Nov 10 19:28:17 simplesamlphp DEBUG [1350441797] Has 2 candidate keys for validation.
Nov 10 19:28:17 simplesamlphp DEBUG [1350441797] Validation with key #0 failed without exception.
Nov 10 19:28:17 simplesamlphp DEBUG [1350441797] Validation with key #1 failed without exception.

My authsources.php file has the

'privatekey' => '/etc/xdmod/simplesamlphp/cert/xdmod.key',
'certificate' => '/etc/xdmod/simplesamlphp/cert/xdmod.crt',

I put a self-signed one that I use for Open OnDemand, but it works with the XDMoD standard.

Hello,

I believe the issue is in the way it’s reading my metadata. Here’s what my /etc/xdmod/simplesamlphp/config/config.php looks like:

'metadata.sources' => [ ['type' => 'flatfile', 'directory' => '/etc/xdmod/simplesamlphp/metadata/'], ],

Could you take a look at your file and see if there’s something wrong with the way I’ve set mine? It seems like `metadata.sources` is only needed when there are two or more metadata files.

Here is my config.php file (with the comments removed)

<?php

declare(strict_types=1);

// SimpleSAMLphp main configuration for the XDMoD service provider.
// The original comments were stripped by the poster; the notes below are
// reviewer annotations on the settings as shown.
$config = [
    'baseurlpath' => 'simplesaml/',

    // Directories relative to the SimpleSAMLphp installation, except tempdir.
    'certdir' => 'cert/',
    'loggingdir' => 'log/',
    'datadir' => 'data/',
    'tempdir' => '/tmp/simplesaml',

    'technicalcontact_name' => 'Administrator',
    'technicalcontact_email' => 'user@email.com',

    'timezone' => null,

    // NOTE(review): this value has been posted in a public forum thread, so it
    // should be treated as disclosed; generate a fresh random value before
    // using this configuration.
    'secretsalt' => 'm00uu0u2muam0muu222uaumm00u20u2a',

    // NOTE(review): the admin password hash was also posted publicly; rotate
    // the admin password as well.
    'auth.adminpassword' => 'cGVSJoqisVCVvrgqReQbph9CztZYxZmkkyPcwUR8MTep4WpUqnR2Sw==',

    // NOTE(review): with both set to false the index and metadata pages are
    // reachable without authentication; confirm that is intended.
    'admin.protectindexpage' => false,
    'admin.protectmetadata' => false,

    'admin.checkforupdates' => true,

    'trusted.url.domains' => ['hpcc.exacta.eu.org'],

    'trusted.url.regex' => false,

    'enable.http_post' => false,

    'debug' => [
        'saml' => false,
        'backtraces' => true,
        'validatexml' => false,
    ],

    // NOTE(review): 'production' is true further down, yet error details and
    // backtraces are enabled here; consider disabling them outside debugging.
    'showerrors' => true,
    'errorreporting' => true,

    'logging.level' => SimpleSAML\Logger::NOTICE,
    'logging.handler' => 'syslog',

    // Fall back to LOG_USER on platforms without LOG_LOCAL5.
    'logging.facility' => defined('LOG_LOCAL5') ? constant('LOG_LOCAL5') : LOG_USER,

    'logging.processname' => 'simplesamlphp',

    'logging.logfile' => 'simplesamlphp.log',

    // Log statistics to the normal log.
    'statistics.out' => [],

    'proxy' => null,

    'database.dsn' => 'mysql:host=localhost;dbname=saml',

    'database.username' => 'simplesamlphp',
    // NOTE(review): placeholder credential as posted; replace before use.
    'database.password' => 'secret',
    'database.options' => [],

    'database.prefix' => '',

    'database.driver_options' => [],

    'database.persistent' => false,

    'database.slaves' => [],

    'enable.saml20-idp' => true,
    'enable.shib13-idp' => false,
    'enable.adfs-idp' => false,
    'enable.wsfed-sp' => false,
    'enable.authmemcookie' => false,

    'default-wsfed-idp' => 'urn:federation:pingfederate:localhost',

    'shib13.signresponse' => true,

    'session.duration' => 8 * (60 * 60), // 8 hours

    'session.datastore.timeout' => (4 * 60 * 60), // 4 hours

    'session.state.timeout' => (60 * 60), // 1 hour

    'session.cookie.name' => 'SimpleSAMLSessionID',

    'session.cookie.lifetime' => 0,

    'session.cookie.path' => '/',

    'session.cookie.domain' => null,

    // NOTE(review): false allows the session cookie to be sent over plain HTTP;
    // if the SP is served only over HTTPS (the IdP URL in authsources.php is
    // https), setting this to true is the safer choice.
    'session.cookie.secure' => false,

    'session.phpsession.cookiename' => 'SimpleSAML',
    'session.phpsession.savepath' => null,
    'session.phpsession.httponly' => true,

    'session.authtoken.cookiename' => 'SimpleSAMLAuthToken',

    'session.rememberme.enable' => false,
    'session.rememberme.checked' => false,
    'session.rememberme.lifetime' => (14 * 86400),

    'memcache_store.servers' => [
        [
            ['hostname' => 'localhost'],
        ],
    ],

    'memcache_store.prefix' => '',

    'memcache_store.expires' => 36 * (60 * 60), // 36 hours

    'language' => [
        'priorities' => [
            'no' => ['nb', 'nn', 'en', 'se'],
            'nb' => ['no', 'nn', 'en', 'se'],
            'nn' => ['no', 'nb', 'en', 'se'],
            'se' => ['nb', 'no', 'nn', 'en'],
        ],
    ],

    'language.available' => [
        'en', 'no', 'nn', 'se', 'da', 'de', 'sv', 'fi', 'es', 'ca', 'fr', 'it', 'nl', 'lb',
        'cs', 'sl', 'lt', 'hr', 'hu', 'pl', 'pt', 'pt-br', 'tr', 'ja', 'zh', 'zh-tw', 'ru',
        'et', 'he', 'id', 'sr', 'lv', 'ro', 'eu', 'el', 'af',
    ],
    'language.rtl' => ['ar', 'dv', 'fa', 'ur', 'he'],
    'language.default' => 'en',

    'language.parameter.name' => 'language',
    'language.parameter.setcookie' => true,

    'language.cookie.name' => 'language',
    'language.cookie.domain' => null,
    'language.cookie.path' => '/',
    'language.cookie.secure' => false,
    'language.cookie.httponly' => false,
    'language.cookie.lifetime' => (60 * 60 * 24 * 900),

    'language.i18n.backend' => 'SimpleSAMLphp',

    'attributes.extradictionary' => null,

    'theme.use' => 'default',

    'template.auto_reload' => false,

    'production' => true,

    'idpdisco.enableremember' => true,
    'idpdisco.rememberchecked' => true,

    'idpdisco.validate' => true,

    'idpdisco.extDiscoveryStorage' => null,

    'idpdisco.layout' => 'dropdown',

    'authproc.idp' => [
        30 => 'core:LanguageAdaptor',

        45 => [
            'class'         => 'core:StatisticsWithAttribute',
            'attributename' => 'realm',
            'type'          => 'saml20-idp-SSO',
        ],

        50 => 'core:AttributeLimit',

        99 => 'core:LanguageAdaptor',
    ],

    'authproc.sp' => [
        90 => 'core:LanguageAdaptor',
    ],

    // Single flatfile metadata directory; the IdP metadata used to verify
    // incoming assertions is presumably loaded from here — verify.
    'metadata.sources' => [
        ['type' => 'flatfile', 'directory' => '/etc/xdmod/simplesamlphp/metadata/'],
    ],

    'metadata.sign.enable' => false,

    'metadata.sign.privatekey' => null,
    'metadata.sign.privatekey_pass' => null,
    'metadata.sign.certificate' => null,
    'metadata.sign.algorithm' => null,

    'store.type' => 'phpsession',

    // Unused while store.type is phpsession; placeholder path as posted.
    'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3',

    'store.sql.username' => null,
    'store.sql.password' => null,

    'store.sql.prefix' => 'SimpleSAMLphp',

    'store.redis.host' => 'localhost',
    'store.redis.port' => 6379,

    'store.redis.prefix' => 'SimpleSAMLphp',
];

Here is my authsources.php file (with the comments removed)

<?php

declare(strict_types=1);

// SimpleSAMLphp authentication sources for the XDMoD service provider.
$config = [
    'default-sp' => [
        'saml:SP',

        'entityID' => 'xdmod.domain',

        // Keycloak realm acting as the IdP. Its metadata is presumably read from
        // the flatfile metadata directory configured in config.php — verify.
        'idp' => 'https://keycloak.domain/realms/oondemand',

        // This SP's own keypair (signing/decryption), not the IdP certificate.
        // NOTE(review): the "Validation with key #N failed" log lines quoted in
        // the thread most likely concern the IdP signing certificate taken from
        // the IdP metadata rather than these two files — confirm there as well.
        'privatekey' => '/etc/xdmod/simplesamlphp/cert/xdmod.key',
        'certificate' => '/etc/xdmod/simplesamlphp/cert/xdmod.crt',

        'discoURL' => null,

        'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',

        'authproc' => [
            40 => [
                'class' => 'core:AttributeMap',
                // Rename OID-named IdP attributes; the targets are presumably
                // the attribute names XDMoD expects — verify against its docs.
                'urn:oid:0.9.2342.19200300.100.1.1' => 'username',
                'urn:oid:1.2.840.113549.1.9.1' => 'email_address',
                'urn:oid:2.5.4.42' => 'first_name',
                'urn:oid:2.5.4.4' => 'last_name',
            ],
        ],
    ],

    'admin' => [
        'core:AdminPassword',
    ],
];

@krishmoodbidri; Out of curiosity, what motivated you to use another provider instead of Keycloak?
