Going on 5 years ago, I had to do some integrations with SimpleSAMLphp for a client. Now, in a Day Job, one of my colleagues is trying to get an integration working, and I’m amused that they find that my post is top hit when they google the error.
Anywho… what I wrote in my post wasn’t working, so I had to dig a little deeper.
Logins were working, but not from Chrome.
After digging into it a little, I found that SameSite headers were being set on the cookie, but no Secure flag.
This is Not Good, and so a lot of the more security focussed browsers will ignore these headers. You can even see this if you look at your developer tools.
Ok, so set the secure flag in your app, and job done, right?
Well. Normally, yes. But the added complexity comes from how our estate is currently configured – containers sat behind a load balancing gateway. This gateway, running haproxy, performs SSL offloading (yes, I know, NSA Smiley, but this is just temporary).
Solution
Once I figured out what was going on, the fix is quite simple. Namely, rewrite any cookies coming from the backend containers to include the secure flag.
This is fine, since none of our services are available over vanilla HTTP.
Adding the following:
rspirep ^(set-cookie:.*) \1;\ Secure
Did the trick after a restart.
Of course, previous tips still apply: you’re going to want to clear your caches etc. so that the old cookie isn’t preserved.
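To confirm the rewrite from the client side, the following added example (not from the original post) audits Set-Cookie header values for a SameSite attribute without Secure and models an append of Secure that skips cookies already carrying it. The cookie names and values are constructed, and the skip-if-present behaviour is an addition, since the rspirep rule above appends to every Set-Cookie line.

```python
# Added example: audit Set-Cookie values as the browser sees them (after the proxy).
# All cookie names and values below are constructed sample data.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, attributes dict with lowercase keys)."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit(header_value):
    """Return a list of problems found in one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header_value)
    secure = "secure" in attrs
    samesite = attrs.get("samesite", "").lower()
    if samesite == "none" and not secure:
        return [f"{name}: SameSite=None without Secure (rejected by Chrome)"]
    if not secure:
        return [f"{name}: no Secure flag"]
    return []


def add_secure(header_value):
    """Model of the proxy rewrite that leaves already-Secure cookies untouched."""
    _, attrs = parse_set_cookie(header_value)
    return header_value if "secure" in attrs else header_value + "; Secure"


# Constructed sample of what a backend behind the SSL-offloading proxy might emit.
BACKEND_HEADERS = [
    "sp_session=abc123; path=/; HttpOnly; SameSite=None",
    "sp_token=def456; path=/; HttpOnly; SameSite=None; Secure",
    "lang=en; path=/",
]

if __name__ == "__main__":
    for header in BACKEND_HEADERS:
        for problem in audit(header):
            print("before:", problem)
        fixed = add_secure(header)
        print("after: ", fixed, "->", audit(fixed) or "ok")
```

To check a live deployment, feed `audit` the Set-Cookie values copied from the browser's developer tools rather than from the backend container, so that the proxy rewrite is included in what gets tested.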
Hope this helps!
Hi,
I have recently updated the PHP version from 7.1 to 7.4 on RHEL. After that, SSO has stopped working for WordPress applications. The login page is going into an infinite loop and finally I can see the below error:
SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: Exception: Unable to find the SAML 2 binding used for this request.
Backtrace:
3 vendor/simplesamlphp/saml2/src/SAML2/Binding.php:107 (SAML2\Binding::getCurrentBinding)
2 modules/saml/www/sp/saml2-acs.php:18 (require)
1 lib/SimpleSAML/Module.php:266 (SimpleSAML\Module::process)
0 www/module.php:10 (N/A)
I have verified the configuration in php.ini and in other conf files; nothing got changed. Before upgrading PHP we even tested the application by upgrading the SimpleSAML library to the latest 1.19.0.
Can you please help/provide any suggestion on how we can fix this issue?
I’m afraid I’ve not come across this issue myself, but you might want to try this Stack Overflow post: https://stackoverflow.com/questions/38412992/unable-to-find-the-saml-2-binding-used-for-this-request-array#39534000