> On 01.07.2013 at 20:10, Stephen Ingram <sbing...@gmail.com> wrote:
> On Sat, Jun 29, 2013 at 6:13 AM, Ludovic Marcotte <lmarco...@inverse.ca> wrote:
> On 2013-06-29 1:57 AM, Stephen Ingram wrote:
>> The makefile in SoObjects/SOGo (line 149) indicates the presence of this 
>> metadata file, but there is none. The code in SOGoSAML2Session also appears 
>> to look for this file (SOGoSAML2Metadata.xml). Does this need to be added 
>> before compiling? I've tried adding it to the WebserverResources directory, 
>> but SOGo still doesn't pick it up.
> Try placing it in /usr/sbin/Resources/sogod/Resources/  (adjust depending on 
> where your sogod binary is located and create the Resources directory).
> That is just due to some brain damage in the bundle loading code.
> That doesn't work, but it did give me a hint as to where it should be. The 
> magic location is /usr/lib/GNUstep/Frameworks/SOGo.framework/Resources/. I 
> can now see the metadata when browsing to 
> https://webmail.4test.net/SOGo/saml2-metadata. If I try to login at 
> https://webmail.4test.net/SOGo I am 
> correctly re-directed to the IdP for authentication.
> I still don't have a working system as once authenticating at the IdP, SOGo 
> apparently doesn't receive what it's looking for and tries to login with 
> nothing:
> EXCEPTION: <NSException: 0xb9b535fc> NAME:NSInvalidArgumentException 
> REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
> which results in a proxy error:
> The proxy server received an invalid response from an upstream server. The 
> proxy server could not handle the request POST /SOGo/saml2-signon-post.
> Looking at the code, I see that SOGo maybe only wants either the uid or mail 
> attributes encoded in a SAML2NameID format. I'm not sure if the endpoint 
> /SOGo/saml2-signon-post is correct or not as I gleaned it from error logs 
> listing typical SOGo requests. Are /SOGo/saml2-metadata and 
> /SOGo/saml2-signon-post the only two endpoints?
> Steve


I know that was long ago, but maybe someone can help. I tried setting up SOGo 
3.1.5 on Debian Jessie with SAML Auth (SimpleSAMLphp IdP is working properly 
with Shibboleth SP).
Following Configuration:

        // SAML
        SOGoAuthenticationType = saml2;
        SOGoSAML2PrivateKeyLocation = "/etc/sogo/saml.pem";
        SOGoSAML2CertificateLocation = "/etc/sogo/saml.crt";
        SOGoSAML2IdpMetadataLocation = "/etc/sogo/idp-metadata.xml";
        SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/idp.crt";
        SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
        SOGoSAML2LoginAttribute = mail;
        SOGoSAML2LogoutEnabled = YES;
        SOGoSAML2LogoutURL = "https://example.com";

I also tried it without SOGoSAML2LoginAttribute, but I get the same error as 

        Sep 16 19:01:00 sogod [17999]: <0x0x7f7b1f9a4fc0[SOGoCache]> Cache cleanup interval set every 300.000000 seconds
        Sep 16 19:01:00 sogod [17999]: <0x0x7f7b1f9a4fc0[SOGoCache]> Using host(s) 'localhost' as server(s)
        EXCEPTION: <NSException: 0x7f7b1ff7eb90> NAME:NSInvalidArgumentException REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
        Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fc00530[WOWatchDogChild]> child 17999 exited
        Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fc00530[WOWatchDogChild]>  (terminated due to signal 6)
        Sep 16 19:01:00 sogod [17945]: <0x0x7f7b1fa1c190[WOWatchDog]> child spawned with pid 18002

How could you resolve this, Stephen?


PS: There is a typo in the documentation: SOGoSAML2CertiTicateLocation ;) Cost 
me half an hour to find out.
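
A diagnostic for the failure discussed in this thread (a nil 'login' after the IdP round trip), added here as an example and not taken from the thread or from SOGo's code: it decodes a SAMLResponse captured from the POST to /SOGo/saml2-signon-post and reports whether the attribute named in SOGoSAML2LoginAttribute arrives with a value. Assumptions: that a missing or empty attribute is what leaves the login nil, that matching on the attribute's Name or FriendlyName is appropriate, and that the assertion is not encrypted; the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the IdP releases uid, but mail has no value.
SAMPLE_RESPONSE = b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>jdoe</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="mail"><saml:AttributeValue/></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

def decode_post_binding(saml_response_field):
    """Decode the base64 SAMLResponse form field of the HTTP-POST binding."""
    return base64.b64decode(saml_response_field)

def assertion_attributes(response_xml):
    """Return {attribute name: [non-empty values]} from a SAML response.

    Diagnostic only: no signature check. Run it on a response you captured
    yourself, not on untrusted XML.
    """
    root = ET.fromstring(response_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text.strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)
                  if v.text and v.text.strip()]
        # Assumption: index by both identifiers an IdP may use.
        for key in (attr.get("Name"), attr.get("FriendlyName")):
            if key:
                attrs.setdefault(key, []).extend(values)
    return attrs

def check_login_attribute(response_xml, login_attribute):
    """Return (True, value) if the login attribute has a value, else (False, reason)."""
    attrs = assertion_attributes(response_xml)
    values = attrs.get(login_attribute, [])
    if values:
        return True, values[0]
    return False, "attribute %r missing or empty; IdP released: %s" % (
        login_attribute, sorted(attrs))
```
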
