Problem: SAML-Login notworking

Problem

When a user tries to login with saml, he gets the following error-message:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION

Backtrace:
0 /usr/share/simplesamlphp/www/module.php:180 (N/A)
Caused by: Exception: Error authenticating using search username & password.
Backtrace:
4 /usr/share/simplesamlphp/modules/ldap/lib/ConfigHelper.php:196 (sspmod_ldap_ConfigHelper::login)
3 /usr/share/simplesamlphp/modules/uldap/lib/Auth/Source/uLDAP.php:57 (sspmod_uldap_Auth_Source_uLDAP::login)
2 /usr/share/simplesamlphp/modules/core/lib/Auth/UserPassBase.php:253 (sspmod_core_Auth_UserPassBase::handleLogin)
1 /usr/share/simplesamlphp/modules/core/www/loginuserpass.php:67 (require)
0 /usr/share/simplesamlphp/www/module.php:137 (N/A)

Investigation and Solution

Check if the Password for the idp-user is still the same as in ldap:

root@server:~# ldapsearch -LLL -x -ZZ -p7389 \
-h $'(hostname -f)' \
-D uid=sys-idp-user,cn=users,$(ucr get ldap/base) \
-w $(cat /etc/idp-ldap-user.secret) uid=sys-idp-user uid

ldap_bind: Invalid credentials (49)

As we can see, the password for the idp-user needs to be rewritten into ldap so it’s the same as in the password file /etc/idp-ldap-user.secret:

root@server:~# udm users/ldap modify \
--set password=$(cat /etc/idp-ldap-user.secret) \
--set overridePWHistory=1 \
--set overridePWLength=1 \
--dn uid=sys-idp-user,cn=users,$(ucr get ldap/base)

Object modified: uid=sys-idp-user,cn=users,dc=paedml-linux,dc=lokal

Now check again if the idp-user is able to login:

root@server:~# ldapsearch -LLL -x -ZZ -p7389 \
-h $'(hostname -f)' \
-D uid=sys-idp-user,cn=users,$(ucr get ldap/base) \
-w $(cat /etc/idp-ldap-user.secret) uid=sys-idp-user uid

dn: uid=sys-idp-user,cn=users,dc=paedml-linux,dc=lokal
uid: sys-idp-user

This topic was automatically closed after 24 hours. New replies are no longer allowed.