~fkooman

Berlin

https://www.tuxed.net/

Trackers

~fkooman/php-saml-sp

Last active 6 months ago

~fkooman/eduVPN

Last active 10 months ago

#3 auto delete user accounts after not being used for X days? 8 days ago

v3.x added by ~fkooman on ~eduvpn/server

#1 make vpn-ca CA expiry configurable 8 days ago

Comment by ~fkooman on ~eduvpn/server

It is set to 10y now for 3.x.

REPORTED RESOLVED FIXED

#2 use CA expiry also as upper bound for sessionExpiry 8 days ago

on ~eduvpn/server

REPORTED RESOLVED FIXED

#3 Encryption error 500 6 months ago

Comment by ~fkooman on ~fkooman/php-saml-sp

Just so you know, there still could be a bug in php-saml-sp (or simpleSAMLphp).

At least php-saml-sp does work with Shibboleth IdPs with EncryptedAssertion, but we'll look at that then...

#3 Encryption error 500 6 months ago

Comment by ~fkooman on ~fkooman/php-saml-sp

Thanks for the trace. Whatever the exact error is, for sure it won't work as the encryption is done using "http://www.w3.org/2001/04/xmlenc#aes128-cbc", which is not supported by php-saml-sp for security reasons (it is very broken). We only support aes-256-gcm, so that would have to be fixed. I am not sure whether simpleSAMLphp now supports aes-256-gcm for EncryptedAssertion, but I saw some work on xmlseclibs regarding aes-256-gcm.

If you want to have the legacy encryption working I'd recommend using Shibboleth-SP instead of php-saml-sp... See https://github.com/eduvpn/documentation/blob/v2/SAML.md for Shib instructions on Debian and CentOS.

#3 Encryption error 500 6 months ago

Comment by ~fkooman on ~fkooman/php-saml-sp

Yes!

#3 Encryption error 500 6 months ago

Comment by ~fkooman on ~fkooman/php-saml-sp

Which IdP (software) is used? Would it be possible to either provide a "SAML Trace" (https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/) or provide access to a test account? You can either wait until the assertion is no longer valid, or provide it by e.g. mail.

We did not test all IdPs, only a subset of them, so it may be we missed some...

#3 Encryption error 500 6 months ago

bug added by ~fkooman on ~fkooman/php-saml-sp

#2 verify timezone issues 7 months ago

Comment by ~fkooman on ~fkooman/php-saml-sp

REPORTED RESOLVED FIXED

#3 auto delete user accounts after not being used for X days? 7 months ago

Ticket created by ~fkooman on ~eduvpn/server