[ZendTo] SAML Connection error on ZendTo

HILLENBRAND Marita m.hillenbrand at montgeron.fr
Wed Dec 29 10:24:00 GMT 2021


Hello all,

Just to tell you that I found a solution to my SAML connection problem.
On the SAML mini site, I saw that the metadata had expired, and the certificate in the metadata I got on the ZendTo server with the refresh was not the same as the one I found in the metadata on Azure AD.

So, as I was not sure which certificate was which:

1/ I generated a new one on ZendTo with the command provided in the documentation:
"You can use a self-signed certificate for this. Run this as root, and it will generate the certificate and private key files for you:"

    openssl req -newkey rsa:3072 -new -x509 -days 3652 -nodes -out /opt/zendto/simplesamlphp/cert/saml.crt -keyout /opt/zendto/simplesamlphp/cert/saml.pem

2/ And I ran the command provided in the ZendTo documentation to fetch the IdP metadata for the first time:
"Replacing 'IDP-METADATA-URL' with the App Federation Metadata Url you just copied from Azure, run this command:"

    /opt/zendto/simplesamlphp/modules/metarefresh/bin/metarefresh.php -s 'IDP-METADATA-URL'

3/ Then I fetched the metadata with this script:

    /opt/zendto/sbin/refresh_saml_metadata.sh

Connection to ZendTo works fine now once again.
I think the first step is not necessary, but as I executed it, I thought I'd better mention it.

Best regards,
Marita HILLENBRAND
Service Informatique
Centre Administratif et Technique
130, avenue Charles de Gaulle - 91230 Montgeron
Tél : 01 70 58 93 40  Port : 06 24 04 43 58
www.montgeron.fr

Help protect the environment too: print this email only if necessary.
This email may contain confidential information and is intended only for the recipient(s) indicated above. If you have received this email in error, please delete it and notify us immediately. Thank you.

From: ZendTo <zendto-bounces at zend.to> On behalf of HILLENBRAND Marita via ZendTo
Sent: Tuesday 28 December 2021 15:05
To: ZendTo Users <zendto at zend.to>
Cc: HILLENBRAND Marita <m.hillenbrand at montgeron.fr>
Subject: Re: [ZendTo] SAML Connection error on ZendTo

Hello all,

Sorry to get back to you, but does anyone else use SAML connection with Microsoft Azure AD and recently had a problem?

I'm still stuck with the error message below and I believe it's not due to an update, because the problem's still present after rollback. I'm not a developer and more like a newbie. I verified my SAML configuration files and the script to refresh metadata works fine. I can't find a solution on the web.

If anybody has a clue what's wrong, I'd be grateful.

Best regards,
Marita HILLENBRAND

From: HILLENBRAND Marita
Sent: Tuesday 7 December 2021 11:20
To: ZendTo Users <zendto at zend.to>
Subject: SAML Connection error on ZendTo

Hello all,

I get the following error when trying to connect to ZendTo; also, there were no changes made on the server:

SimpleSAML\Error\Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:17 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: SimpleSAML\Error\Exception: Could not find the metadata of an IdP with entity ID 'https://sts.windows.net/xyxyxyxyxy/'
Backtrace:
8 modules/saml/lib/Auth/Source/SP.php:315 (SimpleSAML\Module\saml\Auth\Source\SP::getIdPMetadata)
7 modules/saml/lib/Auth/Source/SP.php:720 (SimpleSAML\Module\saml\Auth\Source\SP::startSSO)
6 modules/saml/lib/Auth/Source/SP.php:826 (SimpleSAML\Module\saml\Auth\Source\SP::authenticate)
5 lib/SimpleSAML/Auth/Source.php:208 (SimpleSAML\Auth\Source::initLogin)
4 lib/SimpleSAML/Auth/Simple.php:167 (SimpleSAML\Auth\Simple::login)
3 lib/SimpleSAML/Auth/Simple.php:109 (SimpleSAML\Auth\Simple::requireAuth)
2 modules/core/www/as_login.php:33 (require)
1 lib/SimpleSAML/Module.php:260 (SimpleSAML\Module::process)
0 www/module.php:10 (N/A)

I recently updated ZendTo, but I tested it afterwards and it worked fine.
I tried to search on the web and had a look into the SAML configuration files, but I must admit that I have no clue what's wrong.

Does anybody have an idea? Thanks a lot,

Best regards,

Marita HILLENBRAND

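Added example (not part of the original thread and not ZendTo or SimpleSAMLphp code): a check for the two conditions reported in this thread, IdP metadata past its validUntil date and a signing certificate that differs between the cached copy and the one the IdP currently publishes. It assumes both copies are available as SAML metadata XML with a single EntityDescriptor; the function names and the sample documents are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer defusedxml
from datetime import datetime, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def make_metadata(valid_until, cert_der):
    """Build a constructed, minimal IdP metadata document for the demo."""
    b64 = base64.b64encode(cert_der).decode()
    return (
        '<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" '
        'entityID="https://sts.windows.net/xyxyxyxyxy/" validUntil="%s">'
        '<md:IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">'
        '<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>'
        '<ds:X509Certificate>%s</ds:X509Certificate>'
        '</ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
        '</md:IDPSSODescriptor></md:EntityDescriptor>'
    ) % (NS["md"], NS["ds"], valid_until, b64)

def inspect_metadata(xml_text, now):
    """Return (entityID, expired?, set of SHA-256 signing-cert fingerprints)."""
    root = ET.fromstring(xml_text)
    expired = False
    valid_until = root.get("validUntil")
    if valid_until:
        # SAML timestamps are UTC ("...Z"); drop optional fractional seconds.
        stamp = valid_until.rstrip("Z").split(".")[0]
        expiry = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
        expired = now >= expiry.replace(tzinfo=timezone.utc)
    prints = set()
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no "use" means any purpose
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            prints.add(hashlib.sha256(der).hexdigest())
    return root.get("entityID"), expired, prints

def compare(cached_xml, fresh_xml, now):
    """Compare the SP's cached IdP metadata with a freshly downloaded copy."""
    c_id, c_exp, c_fp = inspect_metadata(cached_xml, now)
    f_id, f_exp, f_fp = inspect_metadata(fresh_xml, now)
    return {"entity_id_match": c_id == f_id, "cached_expired": c_exp,
            "fresh_expired": f_exp, "certs_match": c_fp == f_fp}
```

A result with cached_expired true or certs_match false is the state described at the top of this thread, which the metadata refresh resolved.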