I have probably misconfigured something, but I was hoping someone might have a hunch to point me in the right direction. After configuring this module as best I can, when I visit /user I end up in a redirect loop. The redirects are:
Does anyone happen to know what this behavior is symptomatic of? My impression is that /saml_login sends a request to my IdP in the background. Is it possible my IdP is responding in some way that would trigger a redirect back to /user/login?
Here is my (redacted) config:
_core:
default_config_hash: oDGEkhP0h5rXXqlDplxeBDre0goLigOJupHKMDMwcqM
login_menu_item_title: ''
logout_menu_item_title: ''
login_link_show: true
login_link_title: 'Login via SSO'
login_redirect_url: ''
logout_redirect_url: ''
error_redirect_url: ''
error_throw: false
local_login_saml_error: false
logout_different_user: false
drupal_login_roles:
authenticated: '0'
administrator: '0'
content_creator: '0'
content_publisher: '0'
block_manager: '0'
content_manager: '0'
media_manager: '0'
sp_entity_id: doj_legacysites_saml_service_provider
sp_name_id_format: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress'
sp_x509_certificate: [redacted]
sp_new_certificate: ''
sp_private_key: [redacted]
metadata_valid_secs: 60
metadata_cache_http: false
idp_entity_id: 'http://redacted.com/services/trust'
idp_single_sign_on_service: 'https://redacted.com/ls/'
idp_single_log_out_service: 'https://redacted.com/ls/'
idp_change_password_service: ''
idp_certs:
- [redacted]
idp_cert_encryption: ''
unique_id_attribute: emailAddress
map_users: false
map_users_name: false
map_users_mail: true
map_users_roles:
administrator: administrator
content_creator: content_creator
content_publisher: content_publisher
block_manager: block_manager
content_manager: content_manager
media_manager: media_manager
create_users: true
sync_name: false
sync_mail: false
user_name_attribute: emailAddress
user_mail_attribute: emailAddress
request_set_name_id_policy: true
strict: true
security_metadata_sign: false
security_authn_requests_sign: true
security_logout_requests_sign: true
security_logout_responses_sign: true
security_nameid_encrypt: false
security_signature_algorithm: ''
security_encryption_algorithm: ''
security_messages_sign: true
security_assertions_signed: false
security_assertions_encrypt: false
security_nameid_encrypted: false
security_want_name_id: true
security_request_authn_context: true
security_lowercase_url_encoding: true
security_logout_reuse_sigs: false
security_allow_repeat_attribute_name: false
debug_display_error_details: false
debug_log_in: false
debug_log_saml_in: false
debug_log_saml_out: false
debug_phpsaml: false
use_proxy_headers: false
use_base_url: true
bypass_relay_state_check: false
Thank you for any advice!
Fixed
3.0
Miscellaneous
I think I figured it out - we needed to uninstall the simplesamlphp_auth module (duh...). The clue was that the path "saml_login" has nothing to do with this module.
Sorry for the noise!
Automatically closed - issue fixed for 2 weeks with no activity.