Hi… At UNL we have already installed version 1.0 successfully and have been testing it.
We are currently trying to install version 2.0 of Araí using the example published on the Wiki ( http://documentacion.siu.edu.ar/wiki/SIU-Arai/arai2ejemplo ).
- The Araí-Registry module was installed correctly, according to the last verification step in that tutorial.
- We run into a problem when we finish installing the Araí-Usuarios module.
After installing and configuring the Apache virtualhost, we can open the URL “http://usuarios.local.siu/gestion” without problems. There, it correctly reads the LDAP users in the users section.
The problem appears after running the registry commands:
./bin/arai-cli registry:add --maintainer-email sschinner@rectorado.unl.edu.ar --maintainer admin http://registry.local.siu/arai-registry
./bin/arai-cli registry:sync
The console output of those commands can be seen in the attached image “salidaComandos.png”.
After running those commands, we open the URL again, and it redirects us to the IDP login module.
There, the login works correctly against LDAP, since a wrong password gives us the corresponding message, but a successful login gives us an error message. Both messages can be seen in the attached images “errorLogueoErroneo.png” and “errorLogueoExitoso.png”.
At the moment of the successful login, the following is written to Apache's error.log:
[Mon Jun 04 12:37:43.855583 2018] [:error] [pid 1460] [client 192.168.10.1:42662] simplesamlphp WARNING [6d3ea5e58b] Authentication request specifies invalid AssertionConsumerService:
[Mon Jun 04 12:37:43.856036 2018] [:error] [pid 1460] [client 192.168.10.1:42662] simplesamlphp WARNING [6d3ea5e58b] AssertionConsumerServiceURL: 'http://usuarios.local.siu/gestion?acs'
[Mon Jun 04 12:37:43.856299 2018] [:error] [pid 1460] [client 192.168.10.1:42662] simplesamlphp WARNING [6d3ea5e58b] ProtocolBinding: 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
[Mon Jun 04 12:38:09.704209 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp NOTICE STAT [6d3ea5e58b] User 'admin' has been successfully authenticated., referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.721468 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp NOTICE STAT [6d3ea5e58b] saml20-idp-SSO-first http://usuarios.local.siu/gestion/default-sp http://usuarios.local.siu/idp/saml2/idp/metadata.php NA, referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.721865 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp NOTICE STAT [6d3ea5e58b] saml20-idp-SSO http://usuarios.local.siu/gestion/default-sp http://usuarios.local.siu/idp/saml2/idp/metadata.php NA, referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.723307 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] SimpleSAML_Error_Error: UNHANDLEDEXCEPTION, referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.723636 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] Backtrace:, referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.723767 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 0 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/www/module.php:180 (N/A), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.723923 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] Caused by: SimpleSAML_Error_Exception: saml20-idp-hosted/'http://usuarios.local.siu/idp/saml2/idp/metadata.php': Could not find PEM encoded certificate in "/usr/local/siu/usuarios/config/certs_idp/certificado_idp.key"., referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724124 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] Backtrace:, referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724273 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 11 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Configuration.php:1252 (SimpleSAML_Configuration::getPublicKeys), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724413 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 10 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Utils/Crypto.php:241 (SimpleSAML\\Utils\\Crypto::loadPublicKey), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724599 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 9 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/Message.php:28 (sspmod_saml_Message::addSign), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724789 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 8 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/IdP/SAML2.php:792 (sspmod_saml_IdP_SAML2::buildAssertion), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.724977 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 7 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/IdP/SAML2.php:38 (sspmod_saml_IdP_SAML2::sendResponse), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725114 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 6 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/IdP.php:287 (SimpleSAML_IdP::postAuthProc), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725286 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 5 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/IdP.php:333 (SimpleSAML_IdP::postAuth), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725433 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 4 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/Source.php:229 (SimpleSAML_Auth_Source::loginCompleted), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725642 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 3 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Auth/Source.php:145 (SimpleSAML_Auth_Source::completeAuth), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725797 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 2 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/modules/core/lib/Auth/UserPassBase.php:266 (sspmod_core_Auth_UserPassBase::handleLogin), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.725994 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 1 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/modules/arai/www/loginuserpass.php:89 (require), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.726141 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] 0 /usr/local/siu/usuarios/vendor/simplesamlphp/simplesamlphp/www/module.php:137 (N/A), referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
[Mon Jun 04 12:38:09.726376 2018] [:error] [pid 1462] [client 192.168.10.1:42666] simplesamlphp ERR [6d3ea5e58b] Error report with id a6b0c015 generated., referer: http://usuarios.local.siu/idp/module.php/arai/loginuserpass.php?AuthState=_3808e7bd4ea3700945a78af27cc2d8e3fc3de5efcd%3Ahttp%3A%2F%2Fusuarios.local.siu%2Fidp%2Fsaml2%2Fidp%2FSSOService.php%3Fspentityid%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252Fdefault-sp%26cookieTime%3D1528126663%26RelayState%3Dhttp%253A%252F%252Fusuarios.local.siu%252Fgestion%252F
In this case, the certificates were created correctly:
bin/instalador instalacion:generar-certs-idp -d /usr/local/siu/usuarios/config/certs_idp -n
and the paths were configured correctly in the “arai-usuarios.env” file.
We ran a permissions test as the www-data user and that is OK:
root@debian:/usr/local# su www-data -s /bin/sh -c "cat /usr/local/siu/usuarios/config/certs_idp/certificado_idp.key"
-----BEGIN PRIVATE KEY-----
Any suggestions?
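
The log above reports that no PEM-encoded certificate was found in certificado_idp.key, while the `cat` output shows that file holds a PRIVATE KEY block. As an added example (not part of the original post and not SIU-Araí code), this shell check reports which PEM block type a file contains and whether it matches the role the file is configured for, without printing key material. The function names and the sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# pem_kind FILE: print the label of the first PEM block in FILE
# ("CERTIFICATE", "PRIVATE KEY", ...) or "NONE". Never prints key material.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    printf '%s\n' "${label:-NONE}"
}

# check_pem_role ROLE FILE: ROLE is "certificate" or "privatekey" (the role
# the file is configured for). Returns 0 only if the block type matches.
check_pem_role() {
    role=$1; file=$2
    if [ ! -r "$file" ]; then
        echo "UNREADABLE $role: $file"; return 1
    fi
    kind=$(pem_kind "$file")
    case "$role:$kind" in
        certificate:CERTIFICATE) ;;
        privatekey:"PRIVATE KEY" | privatekey:"RSA PRIVATE KEY" | \
        privatekey:"EC PRIVATE KEY" | privatekey:"ENCRYPTED PRIVATE KEY") ;;
        *) echo "MISMATCH $role: $file contains '$kind'"; return 1 ;;
    esac
    echo "OK $role: $file contains '$kind'"
}

# other_readable FILE: true if the "others" read bit is set, which a
# private key file should not have.
other_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on constructed files (placeholder body, not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/sample.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/sample.crt"
    check_pem_role certificate "$d/sample.crt"
    check_pem_role privatekey "$d/sample.key"
    check_pem_role certificate "$d/sample.key"   # the situation in the log
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it with `--demo` to see the three cases on the constructed files, or call `check_pem_role` on each path configured in the environment file.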