SAML auth failed

We have a problem with xibo 4.0.2 (docker installation) with SAML authentification

I think the php8.0 doesn’t accept the function :
Deprecated : Function libxml_disable_entity_loader() is deprecated in /var/www/cms/vendor/onelogin/php-saml/src/Saml2/Utils.php on line 85

Do you have any solution ?
Thanks Best regards

Hi and welcome to the Community!

Have you got your CMS in test mode? If so can you put it into Production and see if that then works? If it doesn’t, it will be an error in your SAML configuration.

Hi and thank you for your welcome
Yes i’m in test mode for checking the error, but when i pass in production i have only this error :

My SAML configuration is good i think because my IDP redirect to xibo
The problem in production mode is i can’t log this error with docker-compose logs -f

Enable debug in the SAML configuration and it will log to that screen why the SAML login wasn’t successful; SAML as an Authentication Provider | Xibo Digital Signage

I active the debug option in my settings but there is no error in the log in docker-compose logs :

$samlSettings = array (
   'workflow' => array(
        // Enable/Disable Just-In-Time provisioning
        'jit' => true,
        // Attribute to identify the user 
        // if set to nameId then the NameID from SAML will be taken and used as the
        // username in Xibo.
        'field_to_identify' => 'UserName',   // Alternatives: UserID, UserName, email
        // Default libraryQuota assigned to the created user by JIT
        'libraryQuota' => 1000,
        // Initial User Group
        'group' => 'Users',
        // Home Page
        'homePage' => 'icondashboard.view',
        // Enable/Disable Single Logout
        'slo' => true,
        // Attribute mapping between XIBO-CMS and the IdP
         'mapping' => array (
            'UserID' => '',
            'usertypeid' => '',
            'UserName' => 'uid',
           'email' => 'mail',
   // Configure the IdP and SP
   'strict' => false,
   'debug' => true,
   'idp' => array (
            'entityId' => 'xxxxxxxx/idp/shibboleth',
            'singleSignOnService' => array (
                'url' => 'https://xxxxxxx/idp/profile/SAML2/Redirect/SSO',
            'singleLogoutService' => array (
                'url' => 'https://xxxxxx/idp/profile/SAML2/POST/SLO',
            'x509cert' => 'xxxxxxxx',
   'sp' => array (
        'entityId' => 'https://xxxxx/saml/metadata',
        'assertionConsumerService' => array (
            'url' => 'https://xxxxx/saml/acs',
        'singleLogoutService' => array (
            'url' => 'https://xxxxx/saml/sls',
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress',
        'x509cert' => 'xxxx',
        'privateKey' > 'xxxxx',
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => false,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,

My IDP is a shibboleth and return to xibo with no problem. I thinks the problem is the jit but there is no logs about this.

Hi, there won’t be any error in the docker-compose logs, the error will be printed in the browser above the box that says the SAML login failed

You also need strict => true as any other setting will not give you a secure login.

Hi and thanks a lot Natasha
I put strict => true and now the return of my IDP is on http:// but i put https:// in all the config :

My assertionConsumerService is in https://

Are you using a reverse proxy? If so you will need to add \OneLogin\Saml2\Utils::setProxyVars(true); to the end of settings-custom.php

Sorry the problem continue
I test with 2 different reverse-proxy, and with the instruction \OneLogin\Saml2\Utils::setProxyVars(true);
and now the problem is :

I think the approvisioning/mapping is not good but i have no trace in the logs

‘mapping’ => array (
‘UserID’ => ‘’,
‘usertypeid’ => ‘’,
‘UserName’ => ‘uid’,
‘email’ => ‘mail’,


This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.