> On 01.07.2013 at 20:10, Stephen Ingram <sbing...@gmail.com> wrote:
>
> On Sat, Jun 29, 2013 at 6:13 AM, Ludovic Marcotte <lmarco...@inverse.ca> wrote:
> On 2013-06-29 1:57 AM, Stephen Ingram wrote:
>> The makefile in SoObjects/SOGo (line 149) indicates the presence of this
>> metadata file, but there is none. The code in SOGoSAML2Session also appears
>> to look for this file (SOGoSAML2Metadata.xml). Does this need to be added
>> before compiling? I've tried adding it to the WebserverResources directory,
>> but SOGo still doesn't pick it up.
> Try placing it in /usr/sbin/Resources/sogod/Resources/ (adjust depending on
> where your sogod binary is located and create the Resources directory).
>
> That is just due to some brain damage in the bundle loading code.
>
> That doesn't work, but it did give me a hint as to where it should be. The
> magic location is /usr/lib/GNUstep/Frameworks/SOGo.framework/Resources/. I
> can now see the metadata when browsing to
> https://webmail.4test.net/SOGo/saml2-metadata. If I try to login at
> https://webmail.4test.net/SOGo I am correctly re-directed to the IdP for
> authentication.
>
> I still don't have a working system as once authenticating at the IdP, SOGo
> apparently doesn't receive what it's looking for and tries to login with
> nothing:
>
> EXCEPTION: <NSException: 0xb9b535fc> NAME:NSInvalidArgumentException
> REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
>
> which results in a proxy error:
>
> The proxy server received an invalid response from an upstream server. The
> proxy server could not handle the request POST /SOGo/saml2-signon-post.
>
> Looking at the code, I see that SOGo maybe only wants either the uid or mail
> attributes encoded in a SAML2NameID format. I'm not sure if the endpoint
> /SOGo/saml2-signon-post is correct or not as I gleaned it from error logs
> listing typical SOGo requests. Are /SOGo/saml2-metadata and
> /SOGo/saml2-signon-post the only two endpoints?
>
> Steve

Hi,

I know that was long ago, but maybe someone can help.

I tried setting up SOGo 3.1.5 on Debian Jessie with SAML Auth (SimpleSAMLphp IdP is working properly with Shibboleth SP).

Following Configuration:

// SAML
SOGoAuthenticationType = saml2;
SOGoSAML2PrivateKeyLocation = "/etc/sogo/saml.pem";
SOGoSAML2CertificateLocation = "/etc/sogo/saml.crt";
SOGoSAML2IdpMetadataLocation = "/etc/sogo/idp-metadata.xml";
SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/idp.crt";
SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
SOGoSAML2LoginAttribute = mail;
SOGoSAML2LogoutEnabled = YES;
SOGoSAML2LogoutURL = "https://example.com";

I also tried it without SOGoSAML2LoginAttribute, but I get the same error as above:

Sep 16 19:01:00 sogod [17999]: <0x0x7f7b1f9a4fc0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
Sep 16 19:01:00 sogod [17999]: <0x0x7f7b1f9a4fc0[SOGoCache]> Using host(s) 'localhost' as server(s)
EXCEPTION: <NSException: 0x7f7b1ff7eb90> NAME:NSInvalidArgumentException REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fc00530[WOWatchDogChild]> child 17999 exited
Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fc00530[WOWatchDogChild]> (terminated due to signal 6)
Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fa1c190[WOWatchDog]> child spawned with pid 18002

How could you resolve this, Stephen?

Thanks,
Christoph

PS: There is a typo in the documentation: SOGoSAML2CertiTicateLocation ;) Cost me half an hour to find out.

-- 
users@sogo.nu
https://inverse.ca/sogo/lists
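
An added diagnostic example, not part of the thread and not SOGo code: it decodes a captured SAMLResponse value from the POST to /SOGo/saml2-signon-post and reports the NameID and whether any attribute matches the configured SOGoSAML2LoginAttribute by Name or only by FriendlyName. The sample response is constructed, the function name inspect_response is hypothetical, and how SOGo itself selects the login value is not stated in the thread.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: unsigned, cut-down response with OID-style attribute names.
SAMPLE_XML = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_c0ffee</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid">
        <saml:AttributeValue>alice</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()


def inspect_response(b64_response, login_attribute):
    """Report what the IdP sent; this does NOT verify the XML signature."""
    raw = base64.b64decode(b64_response)
    # SAML messages carry no DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declaration found in SAML message")
    root = ET.fromstring(raw)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    report = {
        "name_id": None if name_id is None else (name_id.text or "").strip(),
        "name_id_format": None if name_id is None else name_id.get("Format"),
        # An encrypted assertion hides NameID and attributes from this check.
        "encrypted": root.find(".//saml:EncryptedAssertion", NS) is not None,
        "by_name": [], "by_friendly_name": [], "attributes_seen": [],
    }
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", NS)]
        name, friendly = attr.get("Name"), attr.get("FriendlyName")
        report["attributes_seen"].append((name, friendly))
        if name == login_attribute:
            report["by_name"] += values
        if friendly == login_attribute:
            report["by_friendly_name"] += values
    return report
```

In the constructed sample, "mail" matches only as a FriendlyName while the Name is an OID URN and the NameID is transient, which is the kind of mismatch worth ruling out when the SP ends up with no login value.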