Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-30 Thread Claas Hilbrecht

Hi

and again I added some debug prints to SOGoSAML2Session.m. Now the  
important part looks like


---
- (void) processAuthnResponse: (NSString *) authnResponse



  NSPrintErr(@"lasso_profile_get_identity:");
  lasso_identity = lasso_profile_get_identity (profile);
  if (lasso_identity)
{
  dump = lasso_identity_dump (lasso_identity);
  nsDump = [NSString stringWithUTF8String: dump];
  NSPrintErr(@"nsDumpB: %@", nsDump);
  [saml2Dump setObject: nsDump forKey: @"identity"];
  NSPrintErr(@"identityAA: %@", nsDump);
  lasso_identity_destroy (lasso_identity);
  NSPrintErr(@"lasso_identity_destroy/post");
}
  NSPrintErr("sharedCache/pre");
  [[SOGoCache sharedCache] setSaml2LoginDumps: saml2Dump
forIdentifier: identifier];
  NSPrintErr("sharedCache/post");
  free (responseData);
}
---

Again I tried to log in, got redirected to Keycloak (21.1.2, just  
upgraded today) and after coming back to SOGo this gets logged:


---
lasso_profile_get_identity:
nsDumpB: xmlns="http://www.entrouvert.org/namespaces/lasso/0.0;  
Version="2">xmlns:lasso="http://www.entrouvert.org/namespaces/lasso/0.0;  
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
RemoteProviderID="https://auth.example.com/realms/master;  
FederationDumpVersion="2">Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-2594070f-2a5d-452d-8a25-97a59350d785
identityAA: xmlns="http://www.entrouvert.org/namespaces/lasso/0.0;  
Version="2">xmlns:lasso="http://www.entrouvert.org/namespaces/lasso/0.0;  
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
RemoteProviderID="https://auth.example.com/realms/master;  
FederationDumpVersion="2">Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-2594070f-2a5d-452d-8a25-97a59350d785

lasso_identity_destroy/post

Program received signal SIGSEGV, Segmentation fault.
0x77439d35 in objc_msg_lookup () from  
/lib/x86_64-linux-gnu/libobjc.so.4

(gdb) bt
#0  0x77439d35 in objc_msg_lookup () at  
/lib/x86_64-linux-gnu/libobjc.so.4

#1  0x76de9cb9 in  () at /lib/libgnustep-base.so.1.28
#2  0x77f3d304 in NSPrintErr (format=0x77f526f6) at  
./SoObjects/SOGo/SOGoSAML2Session.m:91

#3  0x77f3f4d9 in -[SOGoSAML2Session processAuthnResponse:]
(self=0x55877870, _cmd=0x725e1a30  
<_OBJC_SELECTOR_TABLE+720>, authnResponse=0x559906d0) at  
./SoObjects/SOGo/SOGoSAML2Session.m:546
#4  0x725d6b39 in -[SOGoSAML2Actions saml2SignOnPOSTAction]  
(self=0x55e2a1a0, _cmd=0x55aa6510) at  
./UI/MainUI/SOGoSAML2Actions.m:175

#5  0x7794cd31 in  () at /lib/libNGObjWeb.so.4.9
#6  0x779ea252 in  () at /lib/libNGObjWeb.so.4.9
---

I also tried to comment out the call to lasso_identity_destroy() but  
this didn't change the segfault. So I assume something gets messed up  
before.


But now I really don't know how to get further on my own.

@users@sogo.nu: Any ideas?


PS: The NSPrintErr is this one and the segfault is the NSString line.

---
// print to stderr
static void NSPrintErr(NSString *format, ...) {
va_list args;
va_start(args, format);

NSString *string = [[NSString alloc] initWithFormat:format arguments:args];

va_end(args);

fprintf(stderr, "%s\n", [string UTF8String]);
fflush(stderr);

#if !__has_feature(objc_arc)
[string release];
#endif
}
---



Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-28 Thread Claas Hilbrecht

Hi,

first of all, thanks for the help.

The profile.c is from the lasso module ->  
https://github.com/adieu/lasso/blob/master/lasso/saml-2.0/profile.c


We need to find which lasso function in SOGoSAML2Session.m (I  
assume, it may be another file) is called and makes that error, then  
check the arguments given.


I tried to find the mentioned function with these changes:

--- SOGoSAML2Session.m ---
- (id) _initWithDump: (NSDictionary *) saml2Dump
   inContext: (WOContext *) context
{
  lasso_error_t rc;
  LassoServer *server;
  LassoProfile *profile;
  const gchar *dump;

  if ((self = [self init]))
{
  server = [SOGoSAML2Session lassoServerInContext: context];
  lassoLogin = lasso_login_new (server);
  if (saml2Dump)
{
  profile = LASSO_PROFILE (lassoLogin);

  ASSIGN (login, [saml2Dump objectForKey: @"login"]);
  ASSIGN (identifier, [saml2Dump objectForKey: @"identifier"]);
  ASSIGN (assertion, [saml2Dump objectForKey: @"assertion"]);
  ASSIGN(identity, [saml2Dump objectForKey: @"identity"]);
  dump = [identity UTF8String];
  if (dump)
{
  NSLog(@"_initWithDump/identity/pre: %@", dump);
  lasso_profile_set_identity_from_dump (profile, dump);
  NSLog(@"_initWithDump/identity/pore: %@", dump);
}

---

---
Jun 28 09:00:30 sogod [831]: |SOGo| request took 0.102924 seconds to execute
Jun 28 09:00:30 sogod [831]: 79.140.187.148, 172.27.11.107 "POST  
/SOGo/saml2-signon-post HTTP/1.1" 302 0/12977 0.105 - - 692K - 12
Jun 28 09:00:30 sogod [831]: |SOGo| starting method 'GET' on uri  
'/SOGo//claas.hilbre...@linum.com'


Program received signal SIGSEGV, Segmentation fault.
0x77439d35 in objc_msg_lookup () from  
/lib/x86_64-linux-gnu/libobjc.so.4

(gdb) bt
#0  0x77439d35 in objc_msg_lookup () at  
/lib/x86_64-linux-gnu/libobjc.so.4

#1  0x76dc45cc in GSPrivateFormat
(s=s@entry=0x7fffa9f0, format=format@entry=0x7fffaa30,  
ap=ap@entry=0x7fffbae0, locale=locale@entry=0x0) at  
./Source/GSFormat.m:1869
#2  0x76de9d69 in -[GSPlaceholderString  
initWithFormat:locale:arguments:]
(self=0x556ea340, _cmd=, format=out>, locale=0x0, argList=0x7fffbae0) at ./Source/GSString.m:1642
#3  0x76ec0674 in NSLogv (format=0x77fbf820  
<_OBJC_INSTANCE_24.9>, args=0x7fffbae0) at ./Source/NSLog.m:425
#4  0x76ec09e9 in NSLog (format=) at  
./Source/NSLog.m:297

#5  0x77f3e7ed in -[SOGoSAML2Session _initWithDump:inContext:]
(self=0x55ddd350, _cmd=0x77fc01b0  
<_OBJC_SELECTOR_TABLE+688>, saml2Dump=0x55746610,  
context=0x55ddce30)

at ./SoObjects/SOGo/SOGoSAML2Session.m:372
#6  0x77f3eb31 in +[SOGoSAML2Session _SAML2SessionWithDump:inContext:]
(self=0x77fbfd80 <_OBJC_Class_SOGoSAML2Session>,  
_cmd=0x77fc01d0 <_OBJC_SELECTOR_TABLE+720>,  
saml2Dump=0x55746610, context=0x55ddce30)

at ./SoObjects/SOGo/SOGoSAML2Session.m:413
#7  0x77f3ec69 in +[SOGoSAML2Session  
SAML2SessionWithIdentifier:inContext:]

---
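
Both backtraces in the two messages above stop in `objc_msg_lookup` inside a format call: `%@` and the `format` parameter of `NSPrintErr` each expect an Objective-C object, whereas `dump` is a `const gchar *` and `"sharedCache/pre"` is a plain C literal. The following is an added example, not part of the original posts or of SOGo; it keeps the posted `NSPrintErr` helper and shows call sites whose argument types match, assuming a GNUstep build without ARC. `CDumpToString` and the sample `dump` value are hypothetical.

```objc
#import <Foundation/Foundation.h>
#include <stdarg.h>
#include <stdio.h>

// Same stderr helper as in the post. The first parameter is an NSString
// object, so every call site must pass an @"..." literal or another NSString.
// Assumption: manual reference counting (no ARC), as in a GNUstep/gcc build.
static void NSPrintErr(NSString *format, ...)
{
  va_list args;
  NSString *string;

  va_start(args, format);
  string = [[NSString alloc] initWithFormat: format arguments: args];
  va_end(args);

  fprintf(stderr, "%s\n", [string UTF8String]);
  fflush(stderr);
  [string release];
}

// Hypothetical helper: wrap a C string that may be NULL (for example the
// result of a failed dump call) so that it can be logged with %@.
static NSString *CDumpToString(const char *dump)
{
  NSString *s;

  if (dump == NULL)
    return @"(null dump)";
  s = [NSString stringWithUTF8String: dump];
  return s ? s : @"(dump is not valid UTF-8)";
}

int main(void)
{
  NSAutoreleasePool *pool = [NSAutoreleasePool new];

  // Constructed stand-in for the char * that lasso_identity_dump() returns.
  const char *dump = "<Identity Version=\"2\"/>";

  // Mismatched calls, as posted in the thread. Each one hands a char * to
  // code that sends Objective-C messages to it, which faults in
  // objc_msg_lookup:
  //   NSPrintErr("sharedCache/pre");                    // C literal as format
  //   NSLog(@"_initWithDump/identity/pre: %@", dump);   // %@ with a char *

  // Matching calls: the format is an NSString literal, and a C string is
  // printed with %s or converted to an object before it is used with %@.
  NSPrintErr(@"sharedCache/pre");
  NSPrintErr(@"identity via %%s: %s", dump);
  NSPrintErr(@"identity via %%@: %@", CDumpToString(dump));
  NSPrintErr(@"NULL dump via %%@: %@", CDumpToString(NULL));
  NSLog(@"_initWithDump/identity/pre: %s", dump);

  [pool release];
  return 0;
}
```

The compiler already flags the first mismatched call with an incompatible pointer type warning, so treating warnings in the patched file as errors catches it before the rebuilt package is installed.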




RE: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-28 Thread qhivert
Hello,
The profile.c is from the lasso module -> 
https://github.com/adieu/lasso/blob/master/lasso/saml-2.0/profile.c

We need to find which lasso function in SOGoSAML2Session.m (I assume, it may be 
another file) is called and makes that error, then check the arguments given.

Quentin

-Original Message-
From: users-requ...@sogo.nu  On Behalf Of Claas Hilbrecht
Sent: Tuesday, 27 June 2023 20:55
To: users@sogo.nu
Subject: Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

Hi,

I recompiled the sogo 5.8.4 package from Debian sid and added some NSLog 
outputs. So I can confirm that the SAML response is really ok and the content 
is fine. But it seems something in my setup is wrong.

SOGo writes the current session to the sogo_sessions_folder. This works fine, 
the content is stored in the mysql db. But after storing the session two errors 
get logged:

---
(process:20775): Lasso-CRITICAL **: 20:45:24.648: 2023-06-27 20:45:24  
(profile.c/:913) Trying to unref a non GObject pointer  
file=profile.c:913 pointerbybname=profile->identity  
pointer=0x55c2ab612ec0

(process:20775): Lasso-CRITICAL **: 20:45:24.648: 2023-06-27 20:45:24  
(profile.c/:916) Trying to unref a non GObject pointer  
file=profile.c:916 pointerbybname=profile->session  
pointer=0x55c2ab547c90
---

I can't find the profile.c source code for now but I assumed sogo  
tried to read the user's profile from the table sogo_user_profile. But  
even after creating this entry

INSERT INTO `sogo_user_profile` (`c_uid`, `c_defaults`, `c_settings`) VALUES
('claas.hilbre...@example.com', '{}', '{}');

I still get the above error... So what am I missing?

---
Jun 27 18:45:24 sogod [20775]: 79.140.187.148, 172.27.11.107 "GET  
/SOGo//claas.hilbre...@example.com HTTP/1.1" 302 0/0 0.015 - - 0 - 13
Jun 27 18:45:24 sogod [20775]: |SOGo| starting method 'POST' on uri  
'/SOGo/saml2-signon-post'
2023-06-27 18:45:24.643 sogod[20775:20775] loginA: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] loginB: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] loginC: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] identifierA:  
G-2594070f-2a5d-452d-8a25-97a59350d785
2023-06-27 18:45:24.645 sogod[20775:20775]  
 SQL:  
BEGIN;
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has no results.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM   
sogo_sessions_folder t1 WHERE t1.c_id='AY9zox6L6tlqhvTT';
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has results, entering fetch-mode.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
ROLLBACK;
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has no resu

Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-27 Thread Claas Hilbrecht

Hi,

I recompiled the sogo 5.8.4 package from Debian sid and added some  
NSLog outputs. So I can confirm that the SAML response is really ok  
and the content is fine. But it seems something in my setup is wrong.


SOGo writes the current session to the sogo_sessions_folder. This  
works fine, the content is stored in the mysql db. But after storing  
the session two errors get logged:


---
(process:20775): Lasso-CRITICAL **: 20:45:24.648: 2023-06-27 20:45:24  
(profile.c/:913) Trying to unref a non GObject pointer  
file=profile.c:913 pointerbybname=profile->identity  
pointer=0x55c2ab612ec0


(process:20775): Lasso-CRITICAL **: 20:45:24.648: 2023-06-27 20:45:24  
(profile.c/:916) Trying to unref a non GObject pointer  
file=profile.c:916 pointerbybname=profile->session  
pointer=0x55c2ab547c90

---

I can't find the profile.c source code for now but I assumed sogo  
tried to read the user's profile from the table sogo_user_profile. But  
even after creating this entry


INSERT INTO `sogo_user_profile` (`c_uid`, `c_defaults`, `c_settings`) VALUES
('claas.hilbre...@example.com', '{}', '{}');

I still get the above error... So what am I missing?

---
Jun 27 18:45:24 sogod [20775]: 79.140.187.148, 172.27.11.107 "GET  
/SOGo//claas.hilbre...@example.com HTTP/1.1" 302 0/0 0.015 - - 0 - 13
Jun 27 18:45:24 sogod [20775]: |SOGo| starting method 'POST' on uri  
'/SOGo/saml2-signon-post'

2023-06-27 18:45:24.643 sogod[20775:20775] loginA: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] loginB: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] loginC: claas.hilbre...@example.com
2023-06-27 18:45:24.643 sogod[20775:20775] identifierA:  
G-2594070f-2a5d-452d-8a25-97a59350d785
2023-06-27 18:45:24.645 sogod[20775:20775]  
 SQL:  
BEGIN;
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has no results.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM   
sogo_sessions_folder t1 WHERE t1.c_id='AY9zox6L6tlqhvTT';
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has results, entering fetch-mode.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
ROLLBACK;
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has no results.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
BEGIN;
2023-06-27 18:45:24.646 sogod[20775:20775]  
   query  
has no results.
2023-06-27 18:45:24.646 sogod[20775:20775]  
 SQL:  
INSERT INTO sogo_sessions_folder (c_lastseen, c_creationdate, c_value,  
c_id) VALUES (1687891524, 1687891524,  

Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-26 Thread Claas Hilbrecht

Hi,

Next update. After using the URL  
https://www.scottbrady91.com/tools/saml-parser to inspect my SAML  
response I'm pretty sure everything is fine. This site is able to  
display SAML Response without any garbage. Now I'm getting a little  
step further (after manually doing this query: ALTER TABLE  
sogo_sessions_folder MODIFY c_value VARCHAR(4096);)


---
Jun 26 18:45:21 sogod [2521]: |SOGo| starting method 'POST' on uri  
'/SOGo/saml2-signon-post'
2023-06-26 18:45:21.404 sogod[2521:2521]  
 SQL:  
BEGIN;
2023-06-26 18:45:21.404 sogod[2521:2521]  
   query  
has no results.
2023-06-26 18:45:21.404 sogod[2521:2521]  
 SQL:  
SELECT t1.c_creationdate, t1.c_id, t1.c_lastseen, t1.c_value FROM   
sogo_sessions_folder t1 WHERE t1.c_id='+dm+GN1YY2Cu2LHI';
2023-06-26 18:45:21.405 sogod[2521:2521]  
   query  
has results, entering fetch-mode.
2023-06-26 18:45:21.405 sogod[2521:2521]  
 SQL:  
ROLLBACK;
2023-06-26 18:45:21.405 sogod[2521:2521]  
   query  
has no results.
2023-06-26 18:45:21.405 sogod[2521:2521]  
 SQL:  
BEGIN;
2023-06-26 18:45:21.405 sogod[2521:2521]  
   query  
has no results.
2023-06-26 18:45:21.405 sogod[2521:2521]  
 SQL:  
INSERT INTO sogo_sessions_folder (c_lastseen, c_creationdate, c_value,  
c_id) VALUES (1687805121, 1687805121,  
'[...]',  
'+dm+GN1YY2Cu2LHI');
2023-06-26 18:45:21.405 sogod[2521:2521]  
   query  
has no results.
2023-06-26 18:45:21.405 sogod[2521:2521]  
 SQL:  
COMMIT;
2023-06-26 18:45:21.406 sogod[2521:2521]  
   query  
has no results.

Jun 26 18:45:21 sogod [2521]: |SOGo|   constructed root-url: /SOGo/
Jun 26 18:45:21 sogod [2521]: |SOGo|   setting root-url in context: /SOGo/
Jun 26 18:45:21 sogod [2521]: |SOGo| ROOT baseURL(no container, name=(null)):
  own: /SOGo/

(process:2521): Lasso-CRITICAL **: 20:45:21.407: 2023-06-26 20:45:21  
(profile.c/:913) Trying to unref a non GObject pointer  
file=profile.c:913 

Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-26 Thread Claas Hilbrecht

Hi,

after looking at the source code, which is just:

if (loginAttribue && (strcmp (attribute->Name, [loginAttribue  
UTF8String]) == 0))


I tried to debug the request flow. With the help of the apache dumpio  
module I was able to capture the whole traffic. I tried to decode  
the capture but it seems that the data is broken. It starts like this:


xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
Destination="https://sogo.linum.biz/SOGo/saml2-signon-post;  
ID="ID_f2451abf-1693-4509-a54f-af20461c28d5"  
InResponseTo="_02F15ED37EA154C6F8927F722B48897D"  
IssueInstant="2023-06-26T15:46:30.664Z"  
Version="2.0">


 looks like garbage. So somewhere in between  
the proxy setup something goes wrong.





Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-26 Thread Claas Hilbrecht

Hi,

In your logs you have a segfault. You need to provide a backtrace  
according to https://www.sogo.nu/support/faq/how-do-i-debug-sogo.html


Here it is:

---
2023-06-26 07:39:05.169 sogod[816:816]  
 SQL:  
SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous';
2023-06-26 07:39:05.171 sogod[816:816]  
   query  
has results, entering fetch-mode.

Jun 26 07:39:05 sogod [816]: |SOGo| request took 0.468025 seconds to execute
Jun 26 07:39:05 sogod [816]: 79.140.187.148, 172.27.11.107 "GET /SOGo  
HTTP/1.1" 302 0/0 0.471 - - 4M - 11
Jun 26 07:39:10 sogod [816]: |SOGo| starting method 'POST' on uri  
'/SOGo/saml2-signon-post'


Program received signal SIGSEGV, Segmentation fault.
0x76ac7744 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x76ac7744 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x77f400c1 in -[SOGoSAML2Session _updateDataFromLogin]  
(self=0x55705c40, _cmd=0x77fc0cc0 <_OBJC_SELECTOR_TABLE+640>)

at ./SoObjects/SOGo/SOGoSAML2Session.m:272
#2  0x77f40f2c in -[SOGoSAML2Session processAuthnResponse:]  
(self=0x55705c40, _cmd=0x725e99b0 <_OBJC_SELECTOR_TABLE+720>,

authnResponse=0x55e26970) at ./SoObjects/SOGo/SOGoSAML2Session.m:466
#3  0x725deb3b in -[SOGoSAML2Actions saml2SignOnPOSTAction]  
(self=0x55e07820, _cmd=0x558769c0) at  
./UI/MainUI/SOGoSAML2Actions.m:175
#4  0x7794cd31 in -[WODirectAction performActionNamed:]  
(self=0x55e07820, _cmd=0x77b28ca0 <_OBJC_SELECTOR_TABLE+928>,
_actionName=0x55dc9590) at  
./sope-appserver/NGObjWeb/WODirectAction.m:97
#5  0x779ea252 in -[SoActionInvocation  
callOnObject:withPositionalParametersWhenNotNil:inContext:]  
(self=0x55752f70,
_cmd=0x77b28cd0 <_OBJC_SELECTOR_TABLE+976>,  
_client=0x55998c80, _positionalArgs=0x0, _ctx=0x5578e790)

at ./sope-appserver/NGObjWeb/SoObjects/SoActionInvocation.m:300
#6  0x779ea39b in -[SoActionInvocation  
callOnObject:inContext:] (self=0x55752f70, _cmd=0x77b229a0  
<_OBJC_SELECTOR_TABLE+672>,
_client=0x55998c80, _ctx=0x5578e790) at  
./sope-appserver/NGObjWeb/SoObjects/SoActionInvocation.m:318
#7  0x779e4031 in -[SoObjectMethodDispatcher  
dispatchInContext:] (self=0x55de1e60, _cmd=0x77b24e40  
<_OBJC_SELECTOR_TABLE+1536>,
_ctx=0x5578e790) at  
./sope-appserver/NGObjWeb/SoObjects/SoObjectMethodDispatcher.m:192
#8  0x779e685c in -[SoObjectRequestHandler  
handleRequest:inContext:session:application:] (self=0x55a978b0,
_cmd=0x77aaec10 <_OBJC_SELECTOR_TABLE+848>,  
_rq=0x555e9f30, _ctx=0x5578e790, _sn=0x0, app=0x55998c80)

at ./sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m:584
#9  0x779605cd in -[WORequestHandler handleRequest:]  
(self=0x55a978b0, _cmd=0x77a77190 <_OBJC_SELECTOR_TABLE+1616>,
_request=0x555e9f30) at  
./sope-appserver/NGObjWeb/WORequestHandler.m:240
#10 0x7791aa2b in -[WOCoreApplication  
dispatchRequest:usingHandler:] (self=0x55998c80,  
_cmd=0x77a771e0 <_OBJC_SELECTOR_TABLE+1696>,
_request=0x555e9f30, handler=0x55a978b0) at  
./sope-appserver/NGObjWeb/WOCoreApplication.m:712
#11 0x7791ad96 in -[WOCoreApplication dispatchRequest:]  
(self=0x55998c80, _cmd=0x55567520 <_OBJC_SELECTOR_TABLE+1664>,
_request=0x555e9f30) at  
./sope-appserver/NGObjWeb/WOCoreApplication.m:752
#12 0xd9b5 in -[SOGo dispatchRequest:]  
(self=0x55998c80, _cmd=0x77b14d00 <_OBJC_SELECTOR_TABLE+1760>,  
_request=0x555e9f30)

at ./Main/SOGo.m:584
#13 0x779d2c28 in -[WOHttpTransaction _run]  
(self=0x558f2470, _cmd=0x77b14d30 <_OBJC_SELECTOR_TABLE+1808>)

at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpTransaction.m:566
#14 0x779d2fee in -[WOHttpTransaction run]  
(self=0x558f2470, _cmd=0x77b11250 <_OBJC_SELECTOR_TABLE+1168>)

at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpTransaction.m:619
#15 0x779ce5e6 in -[WOHttpAdaptor runConnection:]  
(self=0x558f1fd0, _cmd=0x77b112f0 <_OBJC_SELECTOR_TABLE+1328>,  
_socket=0x55a7df70)

at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:373
#16 0x779ce83d in -[WOHttpAdaptor _handleAcceptedConnection:]  
(self=0x558f1fd0, _cmd=0x77b11300 <_OBJC_SELECTOR_TABLE+1344>,
_connection=0x55a7df70) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:407
#17 0x779cecb6 in -[WOHttpAdaptor _handleConnection:]  
(self=0x558f1fd0, _cmd=0x77b113a0 <_OBJC_SELECTOR_TABLE+1504>,
connection=0x55a7df70) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:466
#18 0x779cf1c7 in -[WOHttpAdaptor acceptConnection:]  
(self=0x558f1fd0, _cmd=0x77b11210 <_OBJC_SELECTOR_TABLE+1104>,
_notification=0x5574f650) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:527


Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

2023-06-26 Thread smizr...@alinto.eu

In your logs you have a segfault. You need to provide a backtrace according to 
https://www.sogo.nu/support/faq/how-do-i-debug-sogo.html

Sebastien


On Saturday, June 24, 2023 13:38 CEST, "Claas Hilbrecht" 
(claas-pool.s...@linum.com) wrote:
 Hi,

I try to get a SAML login working and failed. I read a lot in this
list and think I'm pretty close towards a working setup. I managed to
get redirected to the IDP login screen and while I get redirected back
to SOGo I get this error message:

---
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server
---

The sogo.log to this request is:

---
Jun 24 11:16:38 sogod [2131]: |SOGo| starting method 'GET' on uri '/SOGo'
Jun 24 11:16:38 sogod [2131]: <0x0x5572c15faaa0[SOGoCache]> Cache
cleanup interval set every 3600.00 seconds
Jun 24 11:16:38 sogod [2131]: <0x0x5572c15faaa0[SOGoCache]> Using
host(s) '127.0.0.1' as server(s)
Jun 24 11:16:38 sogod [2131]: [WARN]
<0x0x7fc5bc4d8a80[WOxElemBuilder]> could not locate builders:
WOxExtElemBuilder,WOxExtElemBuilder
Jun 24 11:16:38 sogod [2131]: [ERROR]
<0x0x5572c19e0770[SOGoUserManager]> No authentication sources defined
- nobody will be able to login. Check your defaults.
2023-06-24 11:16:38.057 sogod[2131:2131]
 SQL:
SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous';
2023-06-24 11:16:38.058 sogod[2131:2131]
 query
has results, entering fetch-mode.
Jun 24 11:16:38 sogod [2131]: |SOGo| request took 0.152470 seconds to execute
Jun 24 11:16:38 sogod [2131]: 79.140.187.148, 172.27.11.107 "GET /SOGo
HTTP/1.1" 302 0/0 0.155 - - 6M - 12
Jun 24 11:16:44 sogod [2131]: |SOGo| starting method 'POST' on uri
'/SOGo/saml2-signon-post'
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1604cf0[WOWatchDogChild]>
child 2131 exited
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1604cf0[WOWatchDogChild]>
(terminated due to signal 11)
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1543c80[WOWatchDog]> child
spawned with pid 2135
2023-06-24 11:16:44.602 sogod[2135:2135] MySQL4 connection established
0x0x5572c168a150
2023-06-24 11:16:44.602 sogod[2135:2135] -- -[MySQL4Channel
openChannel]:  opens channel count[0]
2023-06-24 11:16:44.602 sogod[2135:2135] MySQL4 channel
0x0x5572c155ae80 opened (connection=0x0x5572c168a150,sogo)
2023-06-24 11:16:44.602 sogod[2135:2135]
 SQL:
SELECT 1 FROM sogo_user_profile WHERE 1 = 2;
2023-06-24 11:16:44.603 sogod[2135:2135]
 query
has results, entering fetch-mode.
2023-06-24 11:16:44.603 sogod[2135:2135]
 SQL:
SELECT 1 FROM sogo_folder_info WHERE 1 = 2;
2023-06-24 11:16:44.603 sogod[2135:2135]
 query
has results, entering fetch-mode.
2023-06-24 11:16:44.605 sogod[2135:2135]
 SQL:
SELECT 1 FROM sogo_sessions_folder WHERE 1 = 2;
2023-06-24 11:16:44.605 sogod[2135:2135]
 query
has results, entering fetch-mode.
Jun 24 11:16:44 sogod [2135]: <0x0x5572c176b150[WOHttpAdaptor]>
notified the watchdog that we are ready
---

I think the WOWatchDogChild kills for whatever reason the login
process... Previously I got this error:

---
sogo.log.1:2023-06-22 19:10:31.616 sogod[4831:4831] EXCEPTION:
 NAME:NSInvalidArgumentException
REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
---

But after adding a login key (as an AttributeStatement Mapper/User
Property) to the SAML answer the above error message is thrown.

I try to get the SAML login working with Debian bookworm and Keycloak 21.1.1.

---
dpkg -l | grep -e 'sogo\|sope'
ii libsope1 5.8.0-1
amd64 SKYRiX Object Publishing Environment (shared libraries)
ii sogo 5.8.0-1
amd64 Scalable groupware server
ii sogo-activesync 5.8.0-1
amd64 Scalable groupware server - ActiveSync module
ii sogo-common 5.8.0-1 all
Scalable groupware server - common files
---

My sogo.conf looks like this:

---
{
SOGoDebugRequests = YES;
SoDebugBaseURL = YES;
SOGoEASDebugEnabled = YES;
ImapDebugEnabled = YES;
LDAPDebugEnabled = YES;
MySQL4DebugEnabled = YES;
PGDebugEnabled = YES;
SOGoUIxDebugEnabled = YES;
WODontZipResponse = YES;

/* Authentication */
SOGoPasswordChangeEnabled = NO;

/* Web Interface */
SOGoPageTitle = SOGo;
//SOGoVacationEnabled = YES;
//SOGoForwardEnabled = YES;
//SOGoSieveScriptsEnabled = YES;
//SOGoMailAuxiliaryUserAccountsEnabled = YES;
//SOGoTrustProxyAuthentication = NO;
//SOGoXSRFValidationEnabled = YES;

MySQL4Encoding = "utf8mb4";
SOGoProfileURL =
"mysql://user:password@127.0.0.1:3306/sogo/sogo_user_profile";
OCSFolderInfoURL =
"mysql://user:password@127.0.0.1:3306/sogo/sogo_folder_info";
OCSSessionsFolderURL =
"mysql://user:password@127.0.0.1:3306/sogo/sogo_sessions_folder";
OCSEMailAlarmsFolderURL =
"mysql://user:password@127.0.0.1:3306/sogo/sogo_alarms_folder";

SOGoLanguage = English;
SOGoAppointmentSendEMailNotifications = YES;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
SOGoTimeZone = UTC;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoDraftsFolderName = Drafts;
SOGoIMAPServer =