Hi All,
We’ve just upgraded to 1.8.11, and moved to PHP 7. Now SAML Authentication isn’t working. The SAMLResponse comes in OK, but the application crashes when trying to generate a new session for the authenticated user, with the error 'session_regenerate_id(): Cannot regenerate session id - headers already sent
The stack trace is:
#0 [internal function]: Slim\Slim::handleErrors(2, ''session_regener...'', ''F:\<Our Site>...'', 289, Array)
#1 F:\<Our Site>\lib\Helper\Session.php(289): session_regenerate_id(true)
#2 F:\<Our Site>\lib\Middleware\SAMLAuthentication.php(298): Xibo\Helper\Session->regenerateSessionId()
#3 [internal function]: Xibo\Middleware\SAMLAuthentication->Xibo\Middleware\{closure}()
#4 F:\<Our Site>\vendor\slim\slim\Slim\Route.php(468): call_user_func_array(Object(Closure), Array)
#5 F:\<Our Site>\vendor\slim\slim\Slim\Slim.php(1355): Slim\Route->dispatch()
#6 F:\<Our Site>\vendor\slim\slim\Slim\Middleware\Flash.php(85): Slim\Slim->call()
#7 F:\<Our Site>\vendor\slim\slim\Slim\Middleware\MethodOverride.php(92): Slim\Middleware\Flash->call()
#8 F:\<Our Site>\lib\Middleware\Actions.php(160): Slim\Middleware\MethodOverride->call()
#9 F:\<Our Site>\lib\Middleware\Theme.php(36): Xibo\Middleware\Actions->call()
#10 F:\<Our Site>\lib\Middleware\SAMLAuthentication.php(414): Xibo\Middleware\Theme->call()
#11 F:\<Our Site>\lib\Middleware\CsrfGuard.php(63): Xibo\Middleware\SAMLAuthentication->call()
#12 F:\<Our Site>\lib\Middleware\State.php(122): Xibo\Middleware\CsrfGuard->call()
#13 F:\<Our Site>\lib\Middleware\Storage.php(47): Xibo\Middleware\State->call()
#14 F:\<Our Site>\lib\Middleware\Xmr.php(37): Xibo\Middleware\Storage->call()
#15 F:\<Our Site>\vendor\slim\slim\Slim\Slim.php(1300): Xibo\Middleware\Xmr->call()
#16 F:\<Our Site>\web\index.php(124): Slim\Slim->run()
#17 {main}'
Because this didn’t happen with PHP 5.x I suspect it’s something that’s changed in 7. Has anybody encountered this and found what to do about it? We’re running on IIS.
edit: In php_errors.log, there is a little more information: headers already sent in \web\xmds.php on line 254
I’m not clear how xmds.php is getting in the way of authentication, though.