- 🇺🇸 United States minkahb
Hi,
I have Drupal 9.5.3 with PHP 8.3.2. I installed samlauth 8.x-3.8 via Composer. I wanted the ACS URL to return as https instead of http.
I enabled various reverse_proxy values in settings.php and now I see the ACS URL with https, but I get the error "invalid_response; reason given for last error: Signature validation failed. SAML Response rejected".
I went back to samlauth 8.x-3.2, and I am still getting the error "invalid_response; reason given for last error: Signature validation failed. SAML Response rejected".
- 🇺🇸 United States minkahb
I reverted to samlauth 8.x-3.8 and was able to get this to work once I used the correct certificate.
This is what I had to enable in /var/www/devportal/web/sites/default/settings.php:
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];
- 🇺🇸 United States kevinquillen
Does this work with Acquia Connector 4?
- 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU
@kevinquillen - I believe the answer is "yes; this issue only applies to the ACSF module specifically".
Please check my reasoning:
- I do not know of Acquia Connector itself doing anything with SAML SSO. (Then again, I have only seen it briefly, years ago.)
- I'm assuming you are using the samlauth module on 'regular' Acquia hosting (not ACSF), and that you're using it to log in through an Identity Provider that is not part of Acquia's hosting infrastructure.
Then there's no issue. Specifics: ACSF has a custom (not equal to the 'regular') Acquia dashboard for managing its cookie-cutter sites, and people can log into their individual sites from the dashboard. That is -- this custom ACSF dashboard acts like a SAML IdP, and the bug is specifically in the auto-configuration of that Acquia IdP.
---
@minkahb - for completeness (to the other issue readers)
- from your description, I believe the site you have an issue with is not on Acquia Cloud Site Factory (ACSF) -- so this issue is unrelated
- I'm happy you got it to work - your error indeed sounded like a local certificate issue.
- The reverse proxy settings should be documented in this module's readme; 💬 "Force HTTPS for ACS and SLS" (Closed: works as designed) is open to remind me of this. (Though the value of $_SERVER['REMOTE_ADDR'] smells like something strange is going on in your case. I can't fully judge the situation, though.)
- Status changed to Closed: outdated
  4 months ago 7:57pm 7 August 2024
- 🇳🇱 Netherlands roderik Amsterdam,NL / Budapest,HU
"Compatibility with samlauth >= 8.3" (Fixed) was fixed 8 months ago.
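
The reverse-proxy settings discussed in this thread, as an added example that is not part of the original comments or of the samlauth module's documentation: the value posted above beside a form that names the proxy explicitly. The addresses `10.0.0.10` and `10.0.1.0/24` and the hostname `devportal.example.com` are constructed placeholders, and the set of trusted headers is an assumption about what the proxy in front of the site actually sends.

```php
<?php
// Fragment for sites/default/settings.php (added example, not from the thread).

// As posted in the thread. $_SERVER['REMOTE_ADDR'] is whichever host opened
// the connection to PHP, so this marks every caller as a trusted proxy.
// X-Forwarded-* headers are then honoured from any client that can reach the
// web server directly, including the scheme and host values Drupal uses to
// build absolute URLs such as the samlauth ACS URL.
// $settings['reverse_proxy'] = TRUE;
// $settings['reverse_proxy_addresses'] = [$_SERVER['REMOTE_ADDR']];

// Explicit form: trust forwarded headers only when the connection comes from
// the known proxy or load balancer. Replace the placeholders with the real
// addresses of the proxy tier.
$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = [
  '10.0.0.10',    // placeholder: single proxy address
  '10.0.1.0/24',  // placeholder: load balancer subnet in CIDR notation
];

// Limit which forwarded headers are believed. X-Forwarded-Proto is the one
// that makes the ACS URL come out as https; X-Forwarded-Host is left out here
// (assumption: the proxy passes the original Host header through unchanged).
$settings['reverse_proxy_trusted_headers'] =
  \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_FOR |
  \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PROTO |
  \Symfony\Component\HttpFoundation\Request::HEADER_X_FORWARDED_PORT;

// Pin the hostnames Drupal will answer for, so generated URLs cannot take
// their host part from an unexpected Host header.
$settings['trusted_host_patterns'] = [
  '^devportal\.example\.com$',  // placeholder hostname
];
```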