the RPM and DEB packages are confusing as they do not really show the correct path for the certificate/key used by the SP.
Make sure the error messages shows the correct path, i.e.
We already patch
CryptoKeysin the RPM and DEB package, so we might as well directly point them to the real location instead of the symlinked location.
ERROR: [RuntimeException] unable to read key file "/usr/share/php-saml-sp/keys/signing.crt"
Done for Debian / Ubuntu:
ERROR: [RuntimeException] unable to read key file "/etc/ssl/php-saml-sp/signing.crt"
What we need is production repository builds, it is available in testing now (
We could have also used realpath$ php -r 'echo realpath("/usr/share/php-saml-sp/keys");' /etc/ssl/php-saml-sp
One little issue:$ php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));' bool(false) $ sudo php -r 'var_dump(realpath("/usr/share/php-saml-sp/keys/signing.crt"));' string(32) "/etc/ssl/php-saml-sp/signing.crt"
So, if there is no permission to access the file, it will return
false, which doesn't help us! :(
So perhaps the DEB/RPM patches are still the best (most clear for admin) solution.