SAML2 metadata page does not load if IDP metadata page is unavailable #2480

Closed
pillbox1234567 opened this issue Jan 12, 2021 · 1 comment

pillbox1234567 commented Jan 12, 2021

Describe the bug
SAML2 metadata page does not load if IdP metadata page is unavailable and SAML2_AUTOLOAD_METADATA=true. This is an issue if the IdP is configured to load metadata from BookStack because it creates a dependency loop.

Steps To Reproduce
Steps to reproduce the behavior:

  1. Configure SAML2 authentication where the SAML2_IDP_ENTITYID points to a URL which returns a 504 error and set SAML2_AUTOLOAD_METADATA=true
  2. Attempt to load the (bookstack_url/saml2/metadata) page
  3. See error

Expected behavior
The metadata URL (bookstack_url/saml2/metadata) should load correctly regardless of whether the IdP metadata URL is available

Your Configuration (please complete the following information):

  • Exact BookStack Version (Found in settings): v0.31.3
  • PHP Version: 7.4
  • Hosting Method (Nginx/Apache/Docker): nginx
  • IdP: ClassLink

Additional context
Stack trace from laravel.log

[2021-01-12 15:28:06] production.ERROR: Error on parseRemoteXML. The requested URL returned error: 504  {"exception":"[object] (Exception(code: 0): Error on parseRemoteXML. The requested URL returned error: 504  at /var/www/apps/BookStack/vendor/onelogin/php-saml/src/Saml2/IdPMetadataParser.php:59)
[stacktrace]
#0 /var/www/apps/BookStack/app/Auth/Access/Saml2Service.php(174): OneLogin\\Saml2\\IdPMetadataParser::parseRemoteXML('https://idp.cla...')
#1 /var/www/apps/BookStack/app/Auth/Access/Saml2Service.php(143): BookStack\\Auth\\Access\\Saml2Service->getToolkit()
#2 /var/www/apps/BookStack/app/Http/Controllers/Auth/Saml2Controller.php(52): BookStack\\Auth\\Access\\Saml2Service->metadata()
#3 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(54): BookStack\\Http\\Controllers\\Auth\\Saml2Controller->metadata()
#4 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php(45): Illuminate\\Routing\\Controller->callAction('metadata', Array)
#5 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(219): Illuminate\\Routing\\ControllerDispatcher->dispatch(Object(Illuminate\\Routing\\Route), Object(BookStack\\Http\\Controllers\\Auth\\Saml2Controller), 'metadata')
#6 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Route.php(176): Illuminate\\Routing\\Route->runController()
#7 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(681): Illuminate\\Routing\\Route->run()
#8 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\\Routing\\Router->Illuminate\\Routing\\{closure}(Object(BookStack\\Http\\Request))
#9 /var/www/apps/BookStack/app/Http/Middleware/CheckGuard.php(25): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#10 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): BookStack\\Http\\Middleware\\CheckGuard->handle(Object(BookStack\\Http\\Request), Object(Closure), 'saml2')
#11 /var/www/apps/BookStack/app/Http/Middleware/GlobalViewData.php(25): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#12 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): BookStack\\Http\\Middleware\\GlobalViewData->handle(Object(BookStack\\Http\\Request), Object(Closure))
#13 /var/www/apps/BookStack/app/Http/Middleware/Localization.php(76): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#14 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): BookStack\\Http\\Middleware\\Localization->handle(Object(BookStack\\Http\\Request), Object(Closure))
#15 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php(77): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#16 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\VerifyCsrfToken->handle(Object(BookStack\\Http\\Request), Object(Closure))
#17 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#18 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\View\\Middleware\\ShareErrorsFromSession->handle(Object(BookStack\\Http\\Request), Object(Closure))
#19 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(56): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#20 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Session\\Middleware\\StartSession->handle(Object(BookStack\\Http\\Request), Object(Closure))
#21 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#22 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(BookStack\\Http\\Request), Object(Closure))
#23 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(67): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#24 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(BookStack\\Http\\Request), Object(Closure))
#25 /var/www/apps/BookStack/app/Http/Middleware/ControlIframeSecurity.php(31): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#26 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): BookStack\\Http\\Middleware\\ControlIframeSecurity->handle(Object(BookStack\\Http\\Request), Object(Closure))
#27 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#28 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(683): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#29 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(658): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(BookStack\\Http\\Request))
#30 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(624): Illuminate\\Routing\\Router->runRoute(Object(BookStack\\Http\\Request), Object(Illuminate\\Routing\\Route))
#31 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(613): Illuminate\\Routing\\Router->dispatchToRoute(Object(BookStack\\Http\\Request))
#32 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(170): Illuminate\\Routing\\Router->dispatch(Object(BookStack\\Http\\Request))
#33 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(130): Illuminate\\Foundation\\Http\\Kernel->Illuminate\\Foundation\\Http\\{closure}(Object(BookStack\\Http\\Request))
#34 /var/www/apps/BookStack/vendor/fideloper/proxy/src/TrustProxies.php(57): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#35 /var/www/apps/BookStack/app/Http/Middleware/TrustProxies.php(39): Fideloper\\Proxy\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure))
#36 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): BookStack\\Http\\Middleware\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure))
#37 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#38 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(BookStack\\Http\\Request), Object(Closure))
#39 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#40 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\ValidatePostSize->handle(Object(BookStack\\Http\\Request), Object(Closure))
#41 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(63): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#42 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(171): Illuminate\\Foundation\\Http\\Middleware\\CheckForMaintenanceMode->handle(Object(BookStack\\Http\\Request), Object(Closure))
#43 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(105): Illuminate\\Pipeline\\Pipeline->Illuminate\\Pipeline\\{closure}(Object(BookStack\\Http\\Request))
#44 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Pipeline\\Pipeline->then(Object(Closure))
#45 /var/www/apps/BookStack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(110): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(BookStack\\Http\\Request))
#46 /var/www/apps/BookStack/public/index.php(56): Illuminate\\Foundation\\Http\\Kernel->handle(Object(BookStack\\Http\\Request))
#47 {main}
"} 
ssddanbrown added this to the Next Feature Release milestone Oct 3, 2022
ssddanbrown added a commit that referenced this issue Oct 16, 2022
Fixes issue where metadata cannot be viewed if autoload is active and
entityid url is not active.
For #2480
@ssddanbrown
Member

Thanks for raising @pillbox1234567 and sorry for the delayed response.

Has now been addressed within f0ac454, will be part of the next feature release.
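
One way to break the dependency loop described in this issue, as an added example that is not BookStack's code and is not taken from commit f0ac454: the SP metadata endpoint treats a failed IdP metadata fetch as non-fatal and validates only the `sp` section. It assumes onelogin/php-saml is installed via Composer; the function name `spMetadataXml` and the `example.test` hosts are hypothetical.

```php
<?php
// Added example, not BookStack's code. Requires onelogin/php-saml via Composer.
require __DIR__ . '/vendor/autoload.php';

use OneLogin\Saml2\IdPMetadataParser;
use OneLogin\Saml2\Settings;

/**
 * Build the SP metadata XML without requiring the IdP to be reachable.
 * $base holds the locally configured 'sp' settings (hypothetical helper).
 */
function spMetadataXml(array $base, ?string $idpMetadataUrl): string
{
    $settingsArray = $base;
    if ($idpMetadataUrl !== null) {
        try {
            // Same call that throws in the stack trace above.
            $idpInfo = IdPMetadataParser::parseRemoteXML($idpMetadataUrl);
            $settingsArray = IdPMetadataParser::injectIntoSettings($base, $idpInfo);
        } catch (Exception $e) {
            // IdP metadata is not an input to SP metadata: log and continue.
            // Only this endpoint tolerates the failure. Login and ACS handling
            // must still refuse to run without a verified IdP certificate.
            error_log('IdP metadata autoload failed: ' . $e->getMessage());
        }
    }

    // Second argument true: validate only the 'sp' section of the settings.
    $settings = new Settings($settingsArray, true);
    $xml = $settings->getSPMetadata();
    $errors = $settings->validateMetadata($xml);
    if (!empty($errors)) {
        throw new RuntimeException('Invalid SP metadata: ' . implode(', ', $errors));
    }
    return $xml;
}

// Constructed sample configuration (hypothetical hosts).
$base = [
    'strict' => true,
    'sp' => [
        'entityId' => 'https://wiki.example.test/saml2/metadata',
        'assertionConsumerService' => ['url' => 'https://wiki.example.test/saml2/acs'],
        'singleLogoutService' => ['url' => 'https://wiki.example.test/saml2/sls'],
    ],
];
echo spMetadataXml($base, 'https://idp.example.test/metadata');
```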
