Re: [SOGo] SAML login not working / Keycloak 21.1.1 / Debian bookworm

Mon, 26 Jun 2023 00:54:58 -0700 

Hi,
In your logs you have a segfault. You need to provide a backtrace according to https://www.sogo.nu/support/faq/how-do-i-debug-sogo.html 

Here it is:

---

2023-06-26 07:39:05.169 sogod[816:816]  
<MySQL4Channel[0x0x55555592c620] connection=0x0x555555b03650> SQL:  
SELECT c_defaults FROM sogo_user_profile WHERE c_uid = 'anonymous';
2023-06-26 07:39:05.171 sogod[816:816]  
<MySQL4Channel[0x0x55555592c620] connection=0x0x555555b03650>   query  
has results, entering fetch-mode.

Jun 26 07:39:05 sogod [816]: |SOGo| request took 0.468025 seconds to execute

Jun 26 07:39:05 sogod [816]: 79.140.187.148, 172.27.11.107 "GET /SOGo  
HTTP/1.1" 302 0/0 0.471 - - 4M - 11
Jun 26 07:39:10 sogod [816]: |SOGo| starting method 'POST' on uri  
'/SOGo/saml2-signon-post'


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6ac7744 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff6ac7744 in ?? () from /lib/x86_64-linux-gnu/libc.so.6

#1  0x00007ffff7f400c1 in -[SOGoSAML2Session _updateDataFromLogin]  
(self=0x555555705c40, _cmd=0x7ffff7fc0cc0 <_OBJC_SELECTOR_TABLE+640>)

    at ./SoObjects/SOGo/SOGoSAML2Session.m:272

#2  0x00007ffff7f40f2c in -[SOGoSAML2Session processAuthnResponse:]  
(self=0x555555705c40, _cmd=0x7ffff25e99b0 <_OBJC_SELECTOR_TABLE+720>,

    authnResponse=0x555555e26970) at ./SoObjects/SOGo/SOGoSAML2Session.m:466

#3  0x00007ffff25deb3b in -[SOGoSAML2Actions saml2SignOnPOSTAction]  
(self=0x555555e07820, _cmd=0x5555558769c0) at  
./UI/MainUI/SOGoSAML2Actions.m:175
#4  0x00007ffff794cd31 in -[WODirectAction performActionNamed:]  
(self=0x555555e07820, _cmd=0x7ffff7b28ca0 <_OBJC_SELECTOR_TABLE+928>,
    _actionName=0x555555dc9590) at  
./sope-appserver/NGObjWeb/WODirectAction.m:97
#5  0x00007ffff79ea252 in -[SoActionInvocation  
callOnObject:withPositionalParametersWhenNotNil:inContext:]  
(self=0x555555752f70,
    _cmd=0x7ffff7b28cd0 <_OBJC_SELECTOR_TABLE+976>,  
_client=0x555555998c80, _positionalArgs=0x0, _ctx=0x55555578e790)

    at ./sope-appserver/NGObjWeb/SoObjects/SoActionInvocation.m:300

#6  0x00007ffff79ea39b in -[SoActionInvocation  
callOnObject:inContext:] (self=0x555555752f70, _cmd=0x7ffff7b229a0  
<_OBJC_SELECTOR_TABLE+672>,
    _client=0x555555998c80, _ctx=0x55555578e790) at  
./sope-appserver/NGObjWeb/SoObjects/SoActionInvocation.m:318
#7  0x00007ffff79e4031 in -[SoObjectMethodDispatcher  
dispatchInContext:] (self=0x555555de1e60, _cmd=0x7ffff7b24e40  
<_OBJC_SELECTOR_TABLE+1536>,
    _ctx=0x55555578e790) at  
./sope-appserver/NGObjWeb/SoObjects/SoObjectMethodDispatcher.m:192
#8  0x00007ffff79e685c in -[SoObjectRequestHandler  
handleRequest:inContext:session:application:] (self=0x555555a978b0,
    _cmd=0x7ffff7aaec10 <_OBJC_SELECTOR_TABLE+848>,  
_rq=0x5555555e9f30, _ctx=0x55555578e790, _sn=0x0, app=0x555555998c80)

    at ./sope-appserver/NGObjWeb/SoObjects/SoObjectRequestHandler.m:584

#9  0x00007ffff79605cd in -[WORequestHandler handleRequest:]  
(self=0x555555a978b0, _cmd=0x7ffff7a77190 <_OBJC_SELECTOR_TABLE+1616>,
    _request=0x5555555e9f30) at  
./sope-appserver/NGObjWeb/WORequestHandler.m:240
#10 0x00007ffff791aa2b in -[WOCoreApplication  
dispatchRequest:usingHandler:] (self=0x555555998c80,  
_cmd=0x7ffff7a771e0 <_OBJC_SELECTOR_TABLE+1696>,
    _request=0x5555555e9f30, handler=0x555555a978b0) at  
./sope-appserver/NGObjWeb/WOCoreApplication.m:712
#11 0x00007ffff791ad96 in -[WOCoreApplication dispatchRequest:]  
(self=0x555555998c80, _cmd=0x555555567520 <_OBJC_SELECTOR_TABLE+1664>,
    _request=0x5555555e9f30) at  
./sope-appserver/NGObjWeb/WOCoreApplication.m:752
#12 0x000055555555d9b5 in -[SOGo dispatchRequest:]  
(self=0x555555998c80, _cmd=0x7ffff7b14d00 <_OBJC_SELECTOR_TABLE+1760>,  
_request=0x5555555e9f30)

    at ./Main/SOGo.m:584

#13 0x00007ffff79d2c28 in -[WOHttpTransaction _run]  
(self=0x5555558f2470, _cmd=0x7ffff7b14d30 <_OBJC_SELECTOR_TABLE+1808>)

    at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpTransaction.m:566

#14 0x00007ffff79d2fee in -[WOHttpTransaction run]  
(self=0x5555558f2470, _cmd=0x7ffff7b11250 <_OBJC_SELECTOR_TABLE+1168>)

    at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpTransaction.m:619

#15 0x00007ffff79ce5e6 in -[WOHttpAdaptor runConnection:]  
(self=0x5555558f1fd0, _cmd=0x7ffff7b112f0 <_OBJC_SELECTOR_TABLE+1328>,  
_socket=0x555555a7df70)

    at ./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:373

#16 0x00007ffff79ce83d in -[WOHttpAdaptor _handleAcceptedConnection:]  
(self=0x5555558f1fd0, _cmd=0x7ffff7b11300 <_OBJC_SELECTOR_TABLE+1344>,
    _connection=0x555555a7df70) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:407
#17 0x00007ffff79cecb6 in -[WOHttpAdaptor _handleConnection:]  
(self=0x5555558f1fd0, _cmd=0x7ffff7b113a0 <_OBJC_SELECTOR_TABLE+1504>,
    connection=0x555555a7df70) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:466
#18 0x00007ffff79cf1c7 in -[WOHttpAdaptor acceptConnection:]  
(self=0x5555558f1fd0, _cmd=0x7ffff7b11210 <_OBJC_SELECTOR_TABLE+1104>,
    _notification=0x55555574f650) at  
./sope-appserver/NGObjWeb/WOHttpAdaptor/WOHttpAdaptor.m:527

--Type <RET> for more, q to quit, c to continue without paging--

#19 0x00007ffff6ec6ccb in -[NSNotificationCenter _postAndRelease:]  
(self=0x5555557381e0, _cmd=<optimized out>, notification=0x55555574f650)

    at ./Source/NSNotificationCenter.m:1198

#20 0x00007ffff7597dcb in -[NSObject(FileObjectWatcher)  
receivedEvent:type:extra:forMode:] (self=0x555555a7e270,
    _cmd=0x7ffff728fa30 <_OBJC_SELECTOR_TABLE+304>, _fdData=0x6,  
_type=ET_RDESC, _extra=0x6, _mode=0x7ffff720a210 <_OBJC_INSTANCE_2>)

    at ./sope-core/NGExtensions/FdExt.subproj/NSRunLoop+FileObjects.m:58

#21 0x00007ffff6fddeb6 in -[GSRunLoopCtxt pollUntil:within:]  
(self=<optimized out>, _cmd=0x7ffff72093e0 <_OBJC_SELECTOR_TABLE+1184>,
    milliseconds=<optimized out>, contexts=0x555555a9abc0) at  
./Source/unix/GSRunLoopCtxt.m:600
#22 0x00007ffff6f11674 in -[NSRunLoop acceptInputForMode:beforeDate:]  
(self=0x5555558ad570, _cmd=0x7ffff7209410 <_OBJC_SELECTOR_TABLE+1232>,
    mode=0x7ffff720a210 <_OBJC_INSTANCE_2>,  
limit_date=0x55555594be10) at ./Source/NSRunLoop.m:1254
#23 0x00007ffff6f11340 in -[NSRunLoop runMode:beforeDate:]  
(self=<optimized out>, _cmd=<optimized out>, mode=0x7ffff720a210  
<_OBJC_INSTANCE_2>,

    date=<optimized out>) at ./Source/NSRunLoop.m:1334

#24 0x00007ffff791a19a in -[WOCoreApplication run]  
(self=0x555555998c80, _cmd=0x555555567280 <_OBJC_SELECTOR_TABLE+992>)

    at ./sope-appserver/NGObjWeb/WOCoreApplication.m:584

#25 0x000055555555c9a6 in -[SOGo run] (self=0x555555998c80,  
_cmd=0x7ffff7a99e90 <_OBJC_SELECTOR_TABLE+208>) at ./Main/SOGo.m:337
#26 0x00007ffff794892a in WOApplicationMain  
(_appClassName=0x5555555650c0 <_OBJC_INSTANCE_0.1>, argc=13,  
argv=0x7fffffffec08)

    at ./sope-appserver/NGObjWeb/WOApplicationMain.m:42

#27 0x00007ffff796d05a in WOWatchDogApplicationMain  
(appName=0x5555555650c0 <_OBJC_INSTANCE_0.1>, argc=13,  
argv=0x7fffffffec08)

    at ./sope-appserver/NGObjWeb/WOWatchDogApplicationMain.m:1049

#28 0x000055555555b339 in main (argc=13, argv=0x7fffffffec08,  
env=0x7fffffffec78) at ./Main/sogod.m:51

---


This is the SAML reposone from the keycloak log (just the domain is  
replaced) sogod is about to decode:


---

<saml:Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion"  
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"  
ID="ID_af038d76-3135-444d-9dc6-7a6ead421acc"  
IssueInstant="2023-06-26T07:39:10.826Z"  
Version="2.0"><saml:Issuer>https://auth.example.com/realms/master</saml:Issuer><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";></dsig:SignatureMethod><dsig:Reference URI="#ID_af038d76-3135-444d-9dc6-7a6ead421acc"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#";></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256";></dsig:DigestMethod><dsig:DigestValue>bu3Cm4arIQUw9myZUfeZUCAhwItr6fycPNAo/zySmGE=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>C6cF9b6bZiopRrcbVlTOv/wrDadkt+Mxw1Z63nxblaQFn8FGUHZdTlPIU9C2+mx3enRMsF/T7zjDP/0Q9qm0KOCWlZbFglH6hpXkgpxqJQyyuCdNqcX1hmDljRPUoTUE3lhChWy/cDv0P9ebZ2euEotmYdvmsBYQxrlqlXDly7vwoA4LlwTvu9sJolK3uOScQ+cbZ1r3mxJb+obV+eGFsQmDO8BUl71oeA63XVVpjPn46CKLpY2aDUoCr7AHQPJwWenjpYxOS1xlDo7INQqIYn2Ez2s5jDKiGvZLA4sFL23WfvQbpth0OJGQyo2QjY88tIYI8tOIqcI6tqkfPyTTSA==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyName>lW-L-g3kaWfrc5goQbcyY8W77J3-dWbKGA1joPXW19M</dsig:KeyName><dsig:X509Data><dsig:X509Certificate>MIICmzCCAYMCBgGAiWAFjDANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMjIwNTAzMTAwMTUzWhcNMzIwNTAzMTAwMzMzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKbGwTJIDI7FURSwl83/CH15MTTVXN9ieRRcJ6Bd/tXogpNLMpqKCbMT3gdn7mF9XR+xNryKCwPIcDO2TMOE9yXxyLe4SQvj06zR+dK/v63sJk783rRO7APLFmoamQtONDc5nfqz3DpKbTCO0AqIK8Ki44TzQviEYaMzidApMI46bDl0ep5o/zCgzmNlVIZFdah4wp7c1wRw3+RVlrgJonT3dY7C+mHhLYrQ+pZsWb/6hmt1mvglf+Vh6iQrt6/I7uCMHH9LxxdRyaCCLZly6Zdei0qjlmp+VRTm+EMscct6kmeOgAXX5KCSh6n+flx7neL+MlQ0fgtGaBrnaxLzPDAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAGOhSwEHfHPbBk/QmyYfIvvMekDEj6iZCx/mrLRY0QuZzimsGgTFGM4kHH3kBwRvrswiB/VFloUrAtSBK6/NLc7CGNAdZ+pazOYcD/b0FtmoeGNixQluXVPdzsLYLVVvxHC/XrHS7C9Ne2bfwal+OP5c/emuNuV6PSmqo8XZhSP3025TapoDph+07DKRZUiJbCYcKgWrW+/UbaLCi0enf7qY2q7f8ztCwMxkClNN1RxQb/Fh78CG8eIW5hypyP/FLMlcOiDMLynwoSxSuinuIT/pzS8KW5nh8CftevPh8peCrlLv6Xzux7Ys3FANnXOhUEKsgM1c+PTen87Nq3JZ6RM=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">G-2594070f-2a5d-452d-8a25-97a59350d785</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData InResponseTo="_D7C1ACB06E653C15B6D9877DFE2A640C" NotOnOrAfter="2023-06-26T07:40:08.826Z" Recipient="https://sogo.example.com/SOGo/saml2-signon-post";></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2023-06-26T07:39:08.826Z" NotOnOrAfter="2023-06-26T07:40:08.826Z"><saml:AudienceRestriction><saml:Audience>https://sogo.example.com/SOGo/saml2-metadata</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement AuthnInstant="2023-06-26T07:39:10.828Z" SessionIndex="388cd8e0-1a45-4cde-a26b-686261ad4616::1e9f2cf8-cfb8-4f57-a147-7eb92f5825c6" SessionNotOnOrAfter="2023-06-26T17:39:10.828Z"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement><saml:AttributeStatement><saml:Attribute FriendlyName="username" Name="urn:oid:1.2.840.113549.1.9.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:type="xs:string">clahil</saml:AttributeValue></saml:Attribute><saml:Attribute FriendlyName="login" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic"><saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";  
xsi:type="xs:string">claas.hilbre...@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>

---


























					Reply via email to