SAML authentication does not start

To be completed by the original poster:

CMS Version

3.3.0

Player Type

Linux Ubuntu

Issue

My CMS is customized, due to the need for corporate security.

I am implementing the authentication → SAML as an Authentication Provider | Xibo Digital Signage

But when I start the CMS service, it doesn’t identify the configuration I made, which is referenced in the settings.php file for settings-custom.php.

/opt/xibo-v2/web/settings.php:

<?php

/*
 * Xibo - Digital Signage - http://www.xibo.org.uk
 *
 * This file is part of Xibo - and is automatically generated by the installer
 *
 * You should not need to edit this file, unless your SQL connection details have changed.
 */

defined('XIBO') or die(__("Sorry, you are not allowed to directly access this page.") . "<br />" . __("Please press the back button in your browser."));

global $dbhost;
global $dbuser;
global $dbpass;
global $dbname;
global $dbssl;
global $dbsslverify;

$dbhost = $_SERVER['MYSQL_HOST'] . ':' . $_SERVER['MYSQL_PORT'];
$dbuser = $_SERVER['MYSQL_USER'];
$dbpass = $_SERVER['MYSQL_PASSWORD'];
$dbname = $_SERVER['MYSQL_DATABASE'];
$dbssl = $_SERVER['MYSQL_ATTR_SSL_CA'];
$dbsslverify = $_SERVER['MYSQL_ATTR_SSL_VERIFY_SERVER_CERT'];

if (!defined('SECRET_KEY')) {
    define('SECRET_KEY','LuuVaCCI');
}

if (array_key_exists('CMS_USE_MEMCACHED', $_SERVER)
    && ($_SERVER['CMS_USE_MEMCACHED'] === true || $_SERVER['CMS_USE_MEMCACHED'] === 'true')
) {
    global $cacheDrivers;
    $cacheDrivers = [
        new Stash\Driver\Memcache([
            'servers' => [$_SERVER['MEMCACHED_HOST'], $_SERVER['MEMCACHED_PORT']],
            'CONNECT_TIMEOUT' => 10,
        ])
    ];
}

if (file_exists('/opt/xibo-v2/custom/settings-custom.php')) {
    include('/opt/xibo-v2/custom/settings-custom.php');
}

?>

/opt/xibo-v2/custom/settings-custom.php:

<?php

# If you need to add custom configuration settings to the CMS settings.php file,
# this is the place to do it.

# For example, if you want to configure SAML authentication, you can add the
# required configuration here

$authentication = new \Xibo\Middleware\SAMLAuthentication();
$samlSettings = array (
   'workflow' => array(
#        // Enable/Disable Just-In-Time provisioning
        'jit' => true,
#        // Attribute to identify the user 
        'field_to_identify' => 'email',   // Alternatives: UserID, UserName or email
#        // Default libraryQuota assigned to the created user by JIT
        'libraryQuota' => 1000,
#        // Initial User Group
        'group' => 'Users',
#        // Home Page
        'homePage' => 'icondashboard.view',
#        // Enable/Disable Single Logout
        'slo' => true,
#        // Attribute mapping between XIBO-CMS and the IdP
        'mapping' => array (
            'email' => 'url schemas',
        )
    ),
#   // Settings for the PHP-SAML toolkit. 
#   // See documentation: https://github.com/onelogin/php-saml#settings 
   'strict' => false,
   'debug' => true,
   'idp' => array (
        'entityId' => 'url entity',
        'singleSignOnService' => array (
            'url' => 'url-signon',
            'binding' => 'urn:oasis.....',
        ),
        'singleLogoutService' => array (
            'url' => 'url/logout',
            'binding' => 'urn:oasis....',
        ),
        'x509cert' => 'certificated',
    ),
   'sp' => array (
        'entityId' => 'https://url/saml/metadata',
        'assertionConsumerService' => array (
            'url' => 'https://url/saml/acs',
        ),
        'singleLogoutService' => array (
            'url' => 'https://url/saml/sls',
        ),
        'NameIDFormat' => 'urn:oasis.....',
        'x509cert' => 'certificado',
#        'privateKey' => '',
    ),
    'security' => array (
        'nameIdEncrypted' => false,
        'authnRequestsSigned' => false,
        'logoutRequestSigned' => false,
        'logoutResponseSigned' => false,
        'signMetadata' => false,
        'wantMessagesSigned' => false,
        'wantAssertionsSigned' => false,
        'wantAssertionsEncrypted' => false,
        'wantNameIdEncrypted' => false,
    )
);

?>

Following the documentation, I no longer see where I should correct or reference the SAML configuration.

The index file has the following reference:

// Authentication
$authentication = ($container->get('configService')->authentication != null)
    ? $container->get('configService')->authentication
    : (new \Xibo\Middleware\WebAuthentication());

$app->add($authentication->setDependencies($app)->addRoutes());
$app->add(new RKA\Middleware\IpAddress(true, []));

// Handle additional Middleware
\Xibo\Middleware\State::setMiddleWare($app);

// TODO reconfigure this and enable
//$app->add(new Xibo\Middleware\HttpCache());
$app->add(new \Xibo\Middleware\State($app));
$app->add(new \Xibo\Middleware\Log($app));
$app->add(TwigMiddleware::createFromContainer($app));
$app->add(new \Xibo\Middleware\Storage($app));
$app->add(new \Xibo\Middleware\Xmr($app));
$app->addRoutingMiddleware();
//
// End Middleware
//

Should I comment or edit here?

Error editing web/index.php file

What else must I fix to make it work?

Best regards

Hi and welcome.

You seem to have a mix of installation methods (/var/www/cms and /opt/xibo). Can you confirm exactly how you’ve installed the CMS?

However you’ve installed, the only file you should need to modify is the settings-custom.php file.

The error you have there is when you enable the SAMLAuthentication middleware without providing SAML settings.

Thanks,
Dan
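
The reply above attributes the error to the SAMLAuthentication middleware being enabled without usable SAML settings. As an added example (not part of the thread, and not Xibo or php-saml code), this stand-alone PHP check flags missing or placeholder values and weak validation flags in a $samlSettings array before it is deployed; the function name lintSamlSettings and the sample array are hypothetical.

```php
<?php
// Added example: hypothetical pre-flight lint for $samlSettings (not Xibo or php-saml code).
function lintSamlSettings(array $s): array
{
    $findings = [];
    // Look up a dotted path such as "idp.singleSignOnService.url"; null if absent.
    $get = function (string $path) use ($s) {
        $node = $s;
        foreach (explode('.', $path) as $key) {
            $node = is_array($node) ? ($node[$key] ?? null) : null;
        }
        return $node;
    };
    // path => must the value be an absolute http(s) URL?
    $required = [
        'idp.entityId' => false,
        'idp.singleSignOnService.url' => true,
        'idp.x509cert' => false,
        'sp.entityId' => false,
        'sp.assertionConsumerService.url' => true,
    ];
    foreach ($required as $path => $mustBeUrl) {
        $v = $get($path);
        if (!is_string($v) || trim($v) === '') {
            $findings[] = "ERROR: $path is missing or empty";
        } elseif ($mustBeUrl && !preg_match('#^https?://[^/\s]+#i', $v)) {
            $findings[] = "ERROR: $path is not an absolute URL: $v";
        }
    }
    // Weak validation settings: reported as warnings, not hard failures.
    if ($get('strict') !== true) {
        $findings[] = 'WARN: strict is not true, so strict validation of SAML messages is off';
    }
    if ($get('security.wantAssertionsSigned') !== true
        && $get('security.wantMessagesSigned') !== true) {
        $findings[] = 'WARN: neither assertions nor messages are required to be signed';
    }
    return $findings;
}

// Constructed sample shaped like the redacted settings in the post above.
$sample = [
    'strict' => false,
    'idp' => ['entityId' => 'url entity', 'singleSignOnService' => ['url' => 'url-signon']],
    'sp' => ['entityId' => 'https://url/saml/metadata'],
    'security' => ['wantMessagesSigned' => false, 'wantAssertionsSigned' => false],
];
echo implode(PHP_EOL, lintSamlSettings($sample)), PHP_EOL;
```

Run it with the PHP CLI against the real array by replacing $sample with the $samlSettings defined in settings-custom.php.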

Thanks for the information; the information in our SAML was incorrect.
