#163 ipsilon client redirect not working with custom saml paths
Closed: Fixed None Opened 5 years ago by rcritten.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1253821

Description of problem:

I'm trying to set custom SAML2 paths with ipsilon-client-install and I'm seeing
problems with the redirect.


[root@client1 ~]# ipsilon-client-install --saml-auth /secure1 \
    --saml-idp-url https://idp.testrelm.test/idp \
    --saml-sp-name $(hostname -s) --saml-base /base1 \
    --saml-sp /base1/saml2 --saml-sp-logout /base1/saml2/logout \
    --saml-sp-post /base1/saml2/postResponse \
    --saml-idp-metadata https://idp.testrelm.test/idp/saml2/metadata
Generating a 2048 bit RSA private key
........................+++
..................................................+++
writing new private key to
'/etc/httpd/saml2/client1.testrelm.test/certificate.key'
-----
admin password:

[root@client1 httpd]# !curl
curl https://$(hostname)/secure1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>303 See Other</title>
</head><body>
<h1>See Other</h1>
<p>The answer to your request is located <a href="https://client1.testrelm.test/mellon/login?ReturnTo=https%3A%2F%2Fclient1.testrelm.test%2Fsecure1&amp;IdP=(null)">here</a>.</p>
</body></html>

Above it looks like the redirect points to IdP=(null).

But when I let it install with the default SAML paths, it has something like:

https%3A%2F%2Fidp.testrelm.test%2Fidp%2Fsaml2%2Fmetadata

And, in ssl_error_log, I see this:

[Fri Aug 14 14:29:04.916670 2015] [:error] [pid 25793] [client
192.168.122.73:40400] Error adding IdP to lasso server object. Please verify
the following configuration directives: MellonIdPMetadataFile and
MellonIdPPublicKeyFile.



Version-Release number of selected component (if applicable):
ipsilon-client-1.0.0-5.el7.noarch

How reproducible:
unknown

Steps to Reproduce:
1.  Install IPA Server and 2+ clients
2.  ipsilon-server-install --ipa --info-sssd=yes --form=yes
3.  Install SP with ipsilon-client-install
ipsilon-client-install --saml-auth /secure1 \
    --saml-idp-url https://idp.testrelm.test/idp \
    --saml-sp-name $(hostname -s) --saml-base /base1 \
    --saml-sp /base1/saml2 --saml-sp-logout /base1/saml2/logout \
    --saml-sp-post /base1/saml2/postResponse \
    --saml-idp-metadata https://idp.testrelm.test/idp/saml2/metadata
4.   setup web

[root@client1 log]# cat /var/www/html/secure1/index.html
<html><title>Secure</title>Hello there...from client1.testrelm.test ...<br>
<a href="/base1/saml2/logout?ReturnTo=https://client1.testrelm.test/logged_out.html">Log out</a>
<hr>
<!--#printenv -->

5.  check secure access for redirect

curl https://$(hostname)/secure1

Actual results:
message like above

<p>The answer to your request is located <a href="https://client1.testrelm.test/mellon/login?ReturnTo=https%3A%2F%2Fclient1.testrelm.test%2Fsecure1&amp;IdP=(null)">here</a>.</p>

Expected results:
More like other setup here:


<p>The answer to your request is located <a href="https://client1.testrelm.test/saml2/login?ReturnTo=https%3A%2F%2Fclient1.testrelm.test%2Fsecure%2F&amp;IdP=https%3A%2F%2Fidp.testrelm.test%2Fidp%2Fsaml2%2Fmetadata">here</a>.</p>

Additional info:

https://pagure.io/ipsilon/pull-request/32

design_link: =>
owner: => rcritten
patch_available: => 1
status: new => accepted

This has been merged upstream: 3b079b3

resolution: => fixed
status: accepted => closed

Metadata Update from @puiterwijk:
- Issue assigned to rcritten
- Issue set to the milestone: 1.1

4 years ago
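
A post-install check for the symptom reported in this ticket, as an added example that is not part of the ticket or of Ipsilon's code: it parses the 303 body returned for the protected path and flags a login link that is not under the configured --saml-sp path or whose IdP parameter is not the IdP metadata URL. It assumes the login endpoint is the --saml-sp path plus /login and that IdP should equal the metadata URL, as in the working redirect quoted in the ticket; the helper name check_login_redirect and the sample bodies (rebuilt from the ticket's output) are constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import parse_qs, urlsplit

HOST = "https://client1.testrelm.test"
IDP_METADATA = "https://idp.testrelm.test/idp/saml2/metadata"

# Constructed samples: the two 303 bodies quoted in the ticket, wrapped lines rejoined.
BROKEN_BODY = (
    '<p>The answer to your request is located <a href="' + HOST
    + "/mellon/login?ReturnTo=https%3A%2F%2Fclient1.testrelm.test%2Fsecure1"
    + '&amp;IdP=(null)">here</a>.</p>'
)
WORKING_BODY = (
    '<p>The answer to your request is located <a href="' + HOST
    + "/saml2/login?ReturnTo=https%3A%2F%2Fclient1.testrelm.test%2Fsecure%2F"
    + "&amp;IdP=https%3A%2F%2Fidp.testrelm.test%2Fidp%2Fsaml2%2Fmetadata"
    + '">here</a>.</p>'
)


def check_login_redirect(body, saml_sp_path, idp_metadata_url):
    """Return a list of problems found in an SP login redirect body (hypothetical helper)."""
    match = re.search(r'<a\s+href="([^"]+)"', body)
    if match is None:
        return ["no redirect link found in response body"]
    # The href is HTML-escaped (&amp;), so unescape before parsing the URL.
    target = urlsplit(unescape(match.group(1)))
    params = parse_qs(target.query)
    problems = []

    # Assumption: the login endpoint lives at <--saml-sp path>/login.
    expected_path = saml_sp_path.rstrip("/") + "/login"
    if target.path != expected_path:
        problems.append(f"login endpoint is {target.path}, expected {expected_path}")

    # Assumption: IdP carries the IdP metadata URL, as in the working redirect.
    idp = params.get("IdP", [""])[0]
    if idp != idp_metadata_url:
        problems.append(f"IdP parameter is {idp!r}, expected {idp_metadata_url!r}")
    return problems


if __name__ == "__main__":
    for name, body, sp in (("custom paths", BROKEN_BODY, "/base1/saml2"),
                           ("default paths", WORKING_BODY, "/saml2")):
        print(name, "->", check_login_redirect(body, sp, IDP_METADATA) or "OK")
```

Against a live SP, the body would come from the same curl request shown in the ticket instead of the embedded samples.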
