Apache2 Segfault with AuthnRequestsSigned #203
Comments
This sounds suspiciously exacltly why I'm here for the first time ever trying to get help. Also debian 9.8 and self-compiled 0.14.2 mod_auth_mellon (to get diagnostics support). (gdb) run -X -k start Program received signal SIGSEGV, Segmentation fault. Is there a way for me to disable signing of metadata from the config, and not having to maintain a metadata file just for the test? |
I put AuthnRequestsSigned="false" in a copy of the generated metadata. My site now works. |
@haraldhh correct, as I know (although I'm not experienced with mod_auth_mellon), this is the only possibility to disable signing. |
I'm no expert but my backtrace seems to indicate liblasso (again). |
@haraldhh I also installed the liblasseo from the Debian SID repository (version 2.6), and on my first tests, I do not get a segfault any more, and I see a Signature header in the SAML Request.. I'm not totally sure why the request to the IdP is a GET request with all parameters as Query Strings (I would expect a POST request with data in the body), but I could successfully test it with a signature verification on the IdP side as well. |
Hopefully the problems found with liblasso3 would be fixed and backported back to Debian, one might have to open a ticket over there as soon as someone is able to verify that my hunch is right. |
Hi, have you set the |
Yes, they are set and verified as readable. I don't think the crash is caused by this. I have to try with a newer liblasso3 when I have the opportunity. I really like to have signing as well. |
I have another server on which I tried installing liblasso3 from debian backports, and signing works as it should now. I'll raise a bug on debian. |
Closing this issue as part of archiving this project. See the announcement for details: https://github.com/Uninett/mod_auth_mellon/blob/info/README.md |
My SAML Implementation basically works - when I disable the Signing of the Authn Request. I am using Debian 9.8 with the apache package of the distribution, and the mod_auth_mellon package from the test repository which has version 0.14.
As soon as I add the
AuthnRequestsSigned="true"
parameter to my Metadata file, the apache processes get asigchld
and a process exits.Is there any possibility to debug further why this happens, or is there any special requirement for the signing to work?
The Metadata itself is quite simple
The text was updated successfully, but these errors were encountered: