[Resolved] edrowan

    (@edrowan)


    I have an installation of WordPress on a local Docker Container, running at wp.test.
    We are using a custom framework for development that alters the installation path.
    For example, when trying to access the wp-admin, the path is wp.test/wp/wp-admin not wp.test/wp-admin
    So logging in, we are pointed to wp.test/wp/wp-login

    We are using Onelogin library as the connection bridge, and according to their docs, our AssertionConsumerService should be https://wp.test/wp-login.php?saml_acs. With our custom framework, this results in https://wp.test/wp/wp-login.php?saml_acs

    I am having problems getting authentication to work with ssocircle & testshib.

    With ssocircle, I am receiving an error of “Issuer in Request is Invalid” – but am unable to dig any deeper for a root cause.
    With testshib, the error is “SAML 2 SSO profile is not configured for relying party urn:wp.test”

    Using the Onelogin validation tool, the metadata is valid. It was also successfully uploaded to both test IdPs.

    Have you any suggestions as to how to get our docker image working with testshib or ssocircle?

    Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    > Have you any suggestions as to how to get our docker image working with testshib or ssocircle?

    Tough question. I have some ideas, but I’m mostly grabbing blindly in the dark. Here are some follow up questions:

    * Can you share your WP SAML Auth configuration (with any secrets obfuscated) so I can see if any values are missing (or seem incorrect)?
    * To confirm, you’ve generated an x509cert and used file_get_contents() to pull it into ['idp']['x509cert']?
    * Can you tweak your WP installation script to install to wp.test so you can verify the discrepancy isn’t the domain + path mismatch?

    If you want to test against SimpleSAMLPHP, the integration test setup script offers detail on how to configure it in IdP mode.

    Good luck!

    Thread Starter edrowan

    (@edrowan)

    Daniel, thanks for the quick response. I have actually resolved half the issue now! The problem of actually connecting to testshib for authentication is working. It was an issue with the entityID not being unique enough.

    My issue now is that when it resolved back to my consumer service location, I get a “Responder -> Unable to encrypt assertion” error.

    To clarify the above, I set signed assertions to false, so I have not generated an x509cert. I thought file_get_contents() was used to load the IdP’s public certificate?

    Thanks, Ed

    Plugin Author Daniel Bachhuber

    (@danielbachhuber)

    > Daniel, thanks for the quick response. I have actually resolved half the issue now!

    Cool.

    > To clarify the above, I set signed assertions to false, so I have not generated an x509cert. I thought file_get_contents() was used to load the IdP’s public certificate?

    It loads the private certificate into memory so the OneLogin library knows how to verify the signed response.

    If I recall correctly, it’s only possible to disable signed assertions by specifying some debug flag.
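
Putting Daniel’s two replies together (the configuration questions in the first one, the certificate loading and signed-assertion points in the last one), here is an added example of a wp-saml-auth configuration filter for a site whose WordPress core lives under /wp, as in this thread. It is not code from the thread, from the plugin or from the OneLogin library. The filter name wp_saml_auth_option, the connection_type/internal_config/sp/idp/security keys and the binding URNs are the real plugin and php-saml names; the host, the certificate paths under /etc/wp-saml, the IdP URLs, the entityId value and the function name are placeholders I chose for the example. The SP key pair is optional here: in my experience a Shibboleth IdP reports “Unable to encrypt assertion” when it is set to encrypt assertions for a relying party but finds no encryption certificate in that SP’s metadata, and php-saml only emits one when sp.x509cert is set.

```php
<?php
/**
 * Added example, not from the thread or the plugin: a wp-saml-auth option
 * filter for a site whose WordPress core is installed under /wp.
 * Drop it in wp-content/mu-plugins/. All hosts, paths and URLs below are
 * placeholders (assumptions), not values taken from the original post.
 */
function example_wp_saml_auth_option( $value, $option_name ) {
	// Hypothetical PEM file holding the IdP's public signing certificate,
	// kept outside the web root. Fail loudly instead of running with an
	// empty cert, which would leave nothing to verify the response against.
	$idp_cert_file = '/etc/wp-saml/idp.crt';
	$idp_cert      = file_get_contents( $idp_cert_file );
	if ( false === $idp_cert || '' === trim( $idp_cert ) ) {
		wp_die( 'wp-saml-auth: IdP certificate not readable: ' . $idp_cert_file );
	}

	// Optional SP key pair (hypothetical paths). Only needed when the SP
	// should sign requests or receive encrypted assertions.
	$sp_cert = (string) @file_get_contents( '/etc/wp-saml/sp.crt' );
	$sp_key  = (string) @file_get_contents( '/etc/wp-saml/sp.key' );
	$have_sp_keypair = ( '' !== trim( $sp_cert ) && '' !== trim( $sp_key ) );

	// wp_login_url() is built from site_url(), which already points at the
	// /wp subdirectory, so this yields https://wp.test/wp/wp-login.php?saml_acs
	// without hard-coding the path.
	$acs_url = wp_login_url() . '?saml_acs';

	$defaults = array(
		'connection_type' => 'internal',
		'internal_config' => array(
			'strict'  => true,   // reject responses that fail validation
			'debug'   => false,
			'baseurl' => home_url(),
			'sp'      => array(
				// A shared test IdP may already know another "urn:wp.test",
				// so use an entityId that is unique to this deployment.
				'entityId' => 'urn:example:wp-saml-auth:' . parse_url( home_url(), PHP_URL_HOST ) . ':dev',
				'assertionConsumerService' => array(
					'url'     => $acs_url,
					'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
				),
				'x509cert'   => $have_sp_keypair ? $sp_cert : '',
				'privateKey' => $have_sp_keypair ? $sp_key : '',
			),
			'idp'     => array(
				'entityId' => 'https://idp.example.test/idp/shibboleth',
				'singleSignOnService' => array(
					'url'     => 'https://idp.example.test/idp/profile/SAML2/Redirect/SSO',
					'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
				),
				// The IdP's public cert is what validates the signed response.
				'x509cert' => $idp_cert,
			),
			'security' => array(
				// Keep assertion signatures required; turning this off would
				// let anything POSTed to ?saml_acs log a user in.
				'wantAssertionsSigned'    => true,
				'wantMessagesSigned'      => false,
				// Encrypted assertions can only be decrypted with an SP key.
				'wantAssertionsEncrypted' => $have_sp_keypair,
				'authnRequestsSigned'     => $have_sp_keypair,
			),
		),
		// Do not create WordPress accounts for unknown IdP users in a test setup.
		'auto_provision'  => false,
		'permit_wp_login' => true,
		'get_user_by'     => 'email',
	);

	return isset( $defaults[ $option_name ] ) ? $defaults[ $option_name ] : $value;
}
add_filter( 'wp_saml_auth_option', 'example_wp_saml_auth_option', 10, 2 );
```

After changing sp.entityId or adding the SP certificate, regenerate the SP metadata and upload it to the test IdP again, since the IdP matches the relying party by the entityId it was given and looks for the encryption certificate in the metadata it has on file.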

The topic ‘Testing wp-saml-auth from Docker container’ is closed to new replies.