Mahara SAML auth broken with Simplesamlphp 1.14.x

Bug #1560131 reported by kloostec
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
Mahara | Fix Released | High | Unassigned |
15.04 | Won't Fix | High | Unassigned |
15.10 | Won't Fix | High | Unassigned |
16.04 | Won't Fix | High | Unassigned |
16.10 | Fix Released | High | Unassigned |

Bug Description

When attempting to use Mahara 15.10.1 on Ubuntu 14.04.4 with Simplesamlphp 1.14.x, I attempt to SSO login and get the error:

PHP Fatal error: Call to undefined method SimpleSAML_Session::getInstance() in /cluster/www/sites/secure.smus.ca/www/mahara/auth/saml/index.php on line 56

This appears to be because the Simplesamlphp people removed the function call SimpleSAML_Session::getInstance() in version 1.14.0:

https://simplesamlphp.org/docs/stable/simplesamlphp-upgrade-notes-1.14

I looked at auth/saml/index.php and it doesn't look like there are too many times that $saml_session is used. I'll see if I can figure out what to use in place of the $saml_session stuff.

kloostec (kloostec) wrote :

This diff fixed logins and logouts on our server with SimpleSAMLPHP 1.14.2.

It appears that they've taken away the ability to query the SimpleSAML_Session object for many parameters. For example, instead of:

$saml_session->getIdP();

they want you to do:

$as->getAuthData('saml:sp:IdP');

I couldn't figure out a good way to replace ->getAuthority() so I moved the code to figure out which SP to use above the logout functionality and use that instead. This is probably just because I don't work with the SimpleSAMLPHP code enough to understand where that functionality went.

Chris
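
A pre-upgrade check for the breakage described in this thread, as an added example that is not part of the bug report, the attached diff, or Mahara's code: it scans PHP source for the three calls the thread names (SimpleSAML_Session::getInstance(), getIdP(), getAuthority()) and reports the replacement where the thread gives one. The function name, the sample input and the line-based comment handling are assumptions made for illustration.

```python
import re

# Calls this thread reports as gone in SimpleSAMLphp 1.14.x, each paired with
# the replacement the thread gives (None where it gives none).
REMOVED_CALLS = {
    "SimpleSAML_Session::getInstance":
        (re.compile(r"\bSimpleSAML_Session\s*::\s*getInstance\s*\("), None),
    "getIdP":
        (re.compile(r"->\s*getIdP\s*\("), "$as->getAuthData('saml:sp:IdP')"),
    "getAuthority":
        (re.compile(r"->\s*getAuthority\s*\("), None),
}

# Constructed sample input (not Mahara's auth/saml/index.php).
SAMPLE = """<?php
// $saml_session = SimpleSAML_Session::getInstance(); (old note)
$saml_session = SimpleSAML_Session::getInstance();
/* legacy:
   $saml_session->getIdP();
*/
$idp = $saml_session->getIdP();
$sp = $saml_session->getAuthority();
$idp = $as->getAuthData('saml:sp:IdP');
"""

def find_removed_calls(php_source):
    """Return (line number, call name, replacement) for each removed call in live code.

    Heuristic: matches any object's ->getIdP( / ->getAuthority(, and does not
    parse string literals, so a "/*" inside a string is treated as a comment.
    """
    findings, in_block = [], False
    for lineno, code in enumerate(php_source.splitlines(), start=1):
        if in_block:                              # inside a /* ... */ block
            end = code.find("*/")
            if end == -1:
                continue
            code, in_block = code[end + 2:], False
        code = re.sub(r"/\*.*?\*/", "", code)     # one-line block comments
        start = code.find("/*")
        if start != -1:                           # block comment opens here
            code, in_block = code[:start], True
        if code.lstrip().startswith(("//", "#")):  # whole-line comment
            continue
        for name, (pattern, replacement) in REMOVED_CALLS.items():
            if pattern.search(code):
                findings.append((lineno, name, replacement))
    return findings

if __name__ == "__main__":
    for lineno, name, repl in find_removed_calls(SAMPLE):
        print(f"line {lineno}: {name}() -> {repl or 'no replacement given in the thread'}")
```
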

Kristina Hoeppner (kris-hoeppner) wrote :

Hi Chris,

Thank you very much for the patch. We'll take a look.

Cheers
Kristina

Changed in mahara:
status: New → Triaged
importance: Undecided → High
milestone: none → 16.04.0
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review

Patch for "master" branch: https://reviews.mahara.org/6433

Aaron Wells (u-aaronw) wrote :

Thanks for the patch, kloostec! I've pushed it into our Gerrit code review system here: https://reviews.mahara.org/6433

Let me know if you'd like me to change the author line. I based it on your Launchpad account.

Cheers,
Aaron

Mahara Bot (dev-mahara) wrote :

Patch for "16.04_STABLE" branch: https://reviews.mahara.org/6719

Aaron Wells (u-aaronw) wrote :

The first patch for Bug 1579285 wound up re-implementing the same things, so this patch is no longer needed for the master (16.10) branch.

The earlier branches are still affected, which is to say they're incompatible with SimpleSAMLPHP 1.14.x. But I think the code change is not backwards-compatible with older SimpleSAMLPHP versions, so that makes it too risky to include in a minor version release because it might break someone's existing setup.

kaefert (kaefert) wrote :

I can confirm that the patch works for mahara 15.10.2 with simplesamlphp-1.14.6

Robert Lyon (robertl-9) wrote :

FYI: The patches listed above have been abandoned

Changed in mahara:
milestone: 16.04.1 → none
status: Fix Committed → Fix Released