Hi,

I'm trying to get a SAML login working and have failed so far. I have read a lot in this list and think I'm pretty close to a working setup. I managed to get redirected to the IdP login screen, but when I get redirected back to SOGo I get this error message:

---
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request

Reason: Error reading from remote server
---

The sogo.log to this request is:

---
Jun 24 11:16:38 sogod [2131]: |SOGo| starting method 'GET' on uri '/SOGo'
Jun 24 11:16:38 sogod [2131]: <0x0x5572c15faaa0[SOGoCache]> Cache cleanup interval set every 3600.000000 seconds
Jun 24 11:16:38 sogod [2131]: <0x0x5572c15faaa0[SOGoCache]> Using host(s) '127.0.0.1' as server(s)
Jun 24 11:16:38 sogod [2131]: [WARN] <0x0x7fc5bc4d8a80[WOxElemBuilder]> could not locate builders: WOxExtElemBuilder,WOxExtElemBuilder
Jun 24 11:16:38 sogod [2131]: [ERROR] <0x0x5572c19e0770[SOGoUserManager]> No authentication sources defined - nobody will be able to login. Check your defaults.
2023-06-24 11:16:38.057 sogod[2131:2131] <MySQL4Channel[0x0x5572c1582b10] connection=0x0x5572c17d4950> SQL: SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous';
2023-06-24 11:16:38.058 sogod[2131:2131] <MySQL4Channel[0x0x5572c1582b10] connection=0x0x5572c17d4950> query has results, entering fetch-mode.
Jun 24 11:16:38 sogod [2131]: |SOGo| request took 0.152470 seconds to execute
Jun 24 11:16:38 sogod [2131]: 79.140.187.148, 172.27.11.107 "GET /SOGo HTTP/1.1" 302 0/0 0.155 - - 6M - 12
Jun 24 11:16:44 sogod [2131]: |SOGo| starting method 'POST' on uri '/SOGo/saml2-signon-post'
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1604cf0[WOWatchDogChild]> child 2131 exited
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1604cf0[WOWatchDogChild]> (terminated due to signal 11)
Jun 24 11:16:44 sogod [2128]: <0x0x5572c1543c80[WOWatchDog]> child spawned with pid 2135
2023-06-24 11:16:44.602 sogod[2135:2135] MySQL4 connection established 0x0x5572c168a150
2023-06-24 11:16:44.602 sogod[2135:2135] ---------- -[MySQL4Channel openChannel]: <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> opens channel count[0]
2023-06-24 11:16:44.602 sogod[2135:2135] MySQL4 channel 0x0x5572c155ae80 opened (connection=0x0x5572c168a150,sogo)
2023-06-24 11:16:44.602 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> SQL: SELECT 1 FROM sogo_user_profile WHERE 1 = 2;
2023-06-24 11:16:44.603 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> query has results, entering fetch-mode.
2023-06-24 11:16:44.603 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> SQL: SELECT 1 FROM sogo_folder_info WHERE 1 = 2;
2023-06-24 11:16:44.603 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> query has results, entering fetch-mode.
2023-06-24 11:16:44.605 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> SQL: SELECT 1 FROM sogo_sessions_folder WHERE 1 = 2;
2023-06-24 11:16:44.605 sogod[2135:2135] <MySQL4Channel[0x0x5572c155ae80] connection=0x0x5572c168a150> query has results, entering fetch-mode.
Jun 24 11:16:44 sogod [2135]: <0x0x5572c176b150[WOHttpAdaptor]> notified the watchdog that we are ready
---

I think the WOWatchDogChild kills the login process for whatever reason... Previously I got this error:

---
sogo.log.1:2023-06-22 19:10:31.616 sogod[4831:4831] EXCEPTION: <NSException: 0x560f461a0690> NAME:NSInvalidArgumentException REASON:Tried to add nil value for key 'login' to dictionary INFO:{}
---

But after adding a login key (as an AttributeStatement mapper / user property) to the SAML response, the error message above is thrown instead.

I'm trying to get the SAML login working with Debian bookworm and Keycloak 21.1.1.

---
dpkg -l | grep -e 'sogo\|sope'
ii  libsope1         5.8.0-1  amd64  SKYRiX Object Publishing Environment (shared libraries)
ii  sogo             5.8.0-1  amd64  Scalable groupware server
ii  sogo-activesync  5.8.0-1  amd64  Scalable groupware server - ActiveSync module
ii  sogo-common      5.8.0-1  all    Scalable groupware server - common files
---

My sogo.conf looks like this:

---
{
  SOGoDebugRequests   = YES;
  SoDebugBaseURL      = YES;
  SOGoEASDebugEnabled = YES;
  ImapDebugEnabled    = YES;
  LDAPDebugEnabled    = YES;
  MySQL4DebugEnabled  = YES;
  PGDebugEnabled      = YES;
  SOGoUIxDebugEnabled = YES;
  WODontZipResponse   = YES;

  /* Authentication */
  SOGoPasswordChangeEnabled = NO;

  /* Web Interface */
  SOGoPageTitle = SOGo;
  //SOGoVacationEnabled = YES;
  //SOGoForwardEnabled = YES;
  //SOGoSieveScriptsEnabled = YES;
  //SOGoMailAuxiliaryUserAccountsEnabled = YES;
  //SOGoTrustProxyAuthentication = NO;
  //SOGoXSRFValidationEnabled = YES;

  MySQL4Encoding          = "utf8mb4";
  SOGoProfileURL          = "mysql://user:[email protected]:3306/sogo/sogo_user_profile";
  OCSFolderInfoURL        = "mysql://user:[email protected]:3306/sogo/sogo_folder_info";
  OCSSessionsFolderURL    = "mysql://user:[email protected]:3306/sogo/sogo_sessions_folder";
  OCSEMailAlarmsFolderURL = "mysql://user:[email protected]:3306/sogo/sogo_alarms_folder";

  SOGoLanguage = English;
  SOGoAppointmentSendEMailNotifications = YES;
  SOGoMailingMechanism = smtp;
  SOGoSMTPServer = 127.0.0.1;
  SOGoTimeZone = UTC;
  SOGoSentFolderName = Sent;
  SOGoTrashFolderName = Trash;
  SOGoDraftsFolderName = Drafts;
  SOGoIMAPServer = "imaps://dovecot.example.com:143/?tls=YES";
  SOGoSieveServer = "sieve://dovecot.example.com:4190/?tls=YES";
  SOGoIMAPAclConformsToIMAPExt = YES;
  SOGoFirstDayOfWeek = 0;
  SOGoMailMessageCheck = manually;
  SOGoMemcachedHost = 127.0.0.1;

  SOGoCacheCleanupInterval = 3600;

  NGImap4AuthMechanism            = PLAIN;
  SOGoForceExternalLoginWithEmail = YES;

  SOGoAuthenticationType          = saml2;
  SOGoSAML2PrivateKeyLocation     = "/etc/sogo/sogo-saml.key";
  SOGoSAML2CertificateLocation    = "/etc/sogo/sogo-saml.crt";
  SOGoSAML2IdpMetadataLocation    = "/etc/sogo/idp-metadata.xml";
  SOGoSAML2IdpPublicKeyLocation   = "/etc/sogo/idp.key";
  SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
  #SOGoSAML2IdpCertificateLocation = "/etc/ssl/certs/";
  SOGoSAML2LoginAttribute         = "username";
  SOGoSAML2LogoutEnabled          = YES;
  SOGoSAML2LogoutURL              = "https://sogo.example.com/";
}

Anyone any ideas how to get SAML login working with SOGo?

FYI: The login to Dovecot already works with Keycloak from Thunderbird.

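The post's first error ("Tried to add nil value for key 'login'") is what a missing login value looks like, and the config above tells SOGo to read that value from the attribute named by SOGoSAML2LoginAttribute ("username"), so one thing worth confirming before chasing the segfault is exactly which attributes the IdP actually puts in the AttributeStatement. The following Python diagnostic is added to this page; it is not SOGo's or Keycloak's code. It decodes the base64 SAMLResponse form field that the IdP POSTs to /SOGo/saml2-signon-post, checks the status code, lists the attributes, and reports whether the configured login attribute is present and non-empty. The sample response is constructed: the Keycloak realm URL keycloak.example.com and the user alice are assumptions; the SOGo endpoint is the one from the log. It does not verify the XML signature or the assertion conditions, so it is a debugging aid for responses captured from your own test IdP, never an authentication step.

```python
"""Inspect a SAML 2.0 Response the way SOGo's saml2-signon-post handler
receives it: decode the base64 SAMLResponse field, confirm the status is
Success, and check that the attribute named by SOGoSAML2LoginAttribute is
present and non-empty in the AttributeStatement.

Added diagnostic, not SOGo code. No signature verification is done here.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample of what a Keycloak-style IdP might POST. The realm URL
# keycloak.example.com and the user "alice" are assumptions. Note the mapper
# exposes the user as "login", not "username".
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_resp1" Version="2.0" IssueInstant="2023-06-24T11:16:44Z"
  Destination="https://sogo.example.com/SOGo/saml2-signon-post">
  <saml:Issuer>https://keycloak.example.com/realms/mail</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2023-06-24T11:16:44Z">
    <saml:Issuer>https://keycloak.example.com/realms/mail</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="login">
        <saml:AttributeValue>alice</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def decode_saml_response(b64_field: str) -> ET.Element:
    """Decode the SAMLResponse form field (base64-encoded XML) into a tree."""
    return ET.fromstring(base64.b64decode(b64_field))


def extract_attributes(root: ET.Element) -> dict:
    """Map every Attribute Name in the AttributeStatement to its value list."""
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return attrs


def status_is_success(root: ET.Element) -> bool:
    """True only when the top-level StatusCode is the SAML Success URI."""
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    return code is not None and code.get("Value") == SUCCESS


def diagnose(b64_field: str, login_attr: str) -> dict:
    """Return what SOGo could derive from this response.

    'login' is None when the attribute named by SOGoSAML2LoginAttribute is
    absent or empty; 'reason' says which, and lists what the IdP did send.
    """
    root = decode_saml_response(b64_field)
    attrs = extract_attributes(root)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    issuer = root.find("saml:Issuer", NS)
    values = attrs.get(login_attr) or []
    if not values:
        login, reason = None, f"attribute '{login_attr}' missing; IdP sent {sorted(attrs)}"
    elif not values[0].strip():
        login, reason = None, f"attribute '{login_attr}' present but empty"
    else:
        login, reason = values[0].strip(), "ok"
    return {
        "issuer": issuer.text if issuer is not None else None,
        "status_ok": status_is_success(root),
        "name_id": name_id.text if name_id is not None else None,
        "attributes": attrs,
        "login": login,
        "reason": reason,
    }


if __name__ == "__main__":
    # The config above sets SOGoSAML2LoginAttribute = "username"; the sample
    # IdP sends "login", so the first run reports the mismatch.
    for attr in ("username", "login"):
        result = diagnose(SAMPLE_B64, attr)
        print(f"{attr:>8}: login={result['login']!r} ({result['reason']})")
```

To use it on a real exchange, copy the URL-decoded SAMLResponse form field from the browser's network inspector for the POST to /SOGo/saml2-signon-post and pass it to diagnose() together with the value of SOGoSAML2LoginAttribute from sogo.conf; if the attribute list it prints does not contain that name, the IdP mapper and the SOGo setting disagree. Keep the ElementTree parse strictly for inspection: it does no signature or audience checking, so nothing it reports proves the response is genuine.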