View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0005292SOGoWeb Mailpublic2021-04-02 10:082021-06-01 13:37
Reporterwebtech Assigned Tofrancis  
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
PlatformServerOSUbuntuOS Version20.04
Product Version5.1.0 
Fixed in Version5.1.1 
Summary0005292: SAML auth seems to have stopped working between 5.0.1-1 and 5.1.0-1
Description

When SAML is enabled you don't get directed to the IDP. you just get the normal username/password screen.

Nothing logged even with debug but when navigating to /SOGO/saml2data it doesn't display the xml and you get the following:

Apr 02 10:46:20 sogod [14630]: [ERROR] [so-action 0x0x555b8aeda0d0 SOGoSAML2Actions] did not find action class: SOGoSAML2Actions
Apr 02 10:46:20 sogod [14630]: [ERROR] [so-action 0x0x555b8ae25450 SOGoSAML2Actions] did not find method 'SOGoSAML2Actions'

Steps To Reproduce

Install SOGo
Configure for SAML

Watch as it fails to redirect to the Identity provider.

Additional Information

Tried switching to nightlies but it's still broken.

TagsNo tags attached.

Activities

francis

francis

2021-04-09 20:38

administrator   ~0015195

Were you running 5.0.1 on the same platform (Ubuntu 20.04)?

Are you using the nightly builds? Are you compiling sogod yourself?
webtech

webtech

2021-04-09 20:56

reporter   ~0015196

Yes I have production running on Ubuntu 20.04 and an upgrade to one of those server builds will break SAML auth.

I'm using the production builds. I did try with the nightly build to see if that fixed it but it didn't. It's not obvious to me which of the updates from 5.0.1 to 5.1.0 would have broken SAML auth but it's reproducible.
artonge

artonge

2021-04-14 13:40

reporter   ~0015199

I am experiencing the same error with v5.1.0

I am compiling SOGo myself in the Dockerfile: https://gitlab.com/flap-box/sogo/-/blob/master/Dockerfile.
The configuration file used is with SAML properties turned off: https://gitlab.com/flap-box/sogo/-/blob/master/config/sogo.template.conf

With debug log enabled I have that:

|SOGo| starting method 'GET' on uri '/SOGo/saml2-metadata'
<0x0x556fbb137450[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
<0x0x556fbb137450[SOGoCache]> Using host(s) 'memcached' as server(s)
|SOGo| traverse(acquire): SOGo => saml2-metadata
|SOGo| do traverse name: 'SOGo'
|SOGo| do traverse name: 'saml2-metadata'
[ERROR] [so-action 0x0x556fbb43fa50 SOGoSAML2Actions] did not find action class: SOGoSAML2Actions
[ERROR] [so-action 0x0x556fbb1102e0 SOGoSAML2Actions] did not find method 'SOGoSAML2Actions'
|SOGo| traverse miss: name=saml2-metadata, acquire: i=1,count=2
|SOGo| miss is last object.
|SOGo| handle miss error: <SoAuthRequiredException: 0x556fbb463dc0> NAME:SoAuthRequired REASON:authentication required
PG0x0x556fbb23f0c0 SQL: SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous'
|SOGo| request took 0.038368 seconds to execute
<0x0x556fbb1ad300[WOResponse]> Zipping of response disabled
sogo "GET /SOGo/saml2-metadata HTTP/1.1" 200 27984/0 0.040 - - 4M - 12
webtech

webtech

2021-04-27 13:38

reporter   ~0015228

Can I provide any more info or do anything further to help troubleshoot this issue?
francis

francis

2021-05-25 15:24

administrator   ~0015277

Try to disable SOGoXSRFValidationEnabled in sogo.conf:

SOGoXSRFValidationEnabled = NO;
webtech

webtech

2021-05-26 08:15

reporter   ~0015278

I'm afraid that on our SOGo installs SOGoXSRFValidationEnabled is already set to 'NO'.
francis

francis

2021-05-26 13:20

administrator   ~0015279

SOGoXSRFValidationEnabled is enabled by default since 5.1.0. If it's not explicitly set to NO in sogo.conf than it is enabled.
webtech

webtech

2021-05-26 13:29

reporter   ~0015280

Sorry I should have been clearer. We do explicitly set it to NO.
francis

francis

2021-05-26 15:39

administrator   ~0015281

There's an issue with Debian/Ubuntu packaging and SAML support. We will fix it.

Related Changesets

sogo: master 5c88bd4f

2021-05-17 11:06

francis


Details Diff		 chore(debian): enable SAML support for all Debian/Ubuntu distros

Fixes 0005292		 Affected Issues
0005292
mod - packaging/debian/rules Diff File

Issue History

Date Modified Username Field Change
2021-04-02 10:08 webtech New Issue
2021-04-09 20:38 francis Note Added: 0015195
2021-04-09 20:56 webtech Note Added: 0015196
2021-04-14 13:40 artonge Note Added: 0015199
2021-04-27 13:38 webtech Note Added: 0015228
2021-05-25 15:24 francis Note Added: 0015277
2021-05-26 08:15 webtech Note Added: 0015278
2021-05-26 13:20 francis Note Added: 0015279
2021-05-26 13:29 webtech Note Added: 0015280
2021-05-26 15:39 francis Note Added: 0015281
2021-06-01 12:29 francis Changeset attached => sogo master 5c88bd4f
2021-06-01 12:29 francis Assigned To => francis
2021-06-01 12:29 francis Resolution open => fixed
2021-06-01 13:37 francis Status new => resolved
2021-06-01 13:37 francis Fixed in Version => 5.1.1