WSO2 Identity server - SAML - redirection page keeps loading forever instead of taking me to the application
I am implementing the single sign on functionality using WSO2 identity server as the identity provider, PHP-SimpleSamlPhp package and Drupal following this article https://wso2.com/library/articles/2014/10/wso2-identity-server-single-sign-on-with-drupal/
Everything has been setup successfully as below.
- Access the drupal app login page and click on the federated link
- This redirects you to the WSO2 IS login page as expected
- You enter the credentials (stored in WSO2) and click login
- The page redirects you to the samlsso URL
https://localhost:9443/samlsso?SAMLRequest=fZJNT.... - This page keeps loading forever and the SAMLRequest value in the above URL keeps changing.
Logs
- This shows up at the point 2 above
TID: [-1234] [] [2020-04-12 18:48:14,334] [http://localhost/drupal-8.8.5/en/saml_login] INFO {org.opensaml.core.config.InitializationService} - Initializing OpenSAML using the Java Services API
- This shows up at point 5 above
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-List Target=null Data={"Claim Value":"ebdefe27-3912-4502-ad48-5b1a2ee30224","Users":["wickrema"],"Claim":"http://wso2.org/claims/userid"} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,793] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator=wso2.system.user Action=Get-User-Claim-Values Target=wickrema Data={"Claims":{"http://wso2.org/claims/username":"wickrema","http://wso2.org/claims/userid":"ebdefe27-3912-4502-ad48-5b1a2ee30224","http://wso2.org/claims/created":"2020-04-11T20:53:00.424Z","http://wso2.org/claims/role":"Internal/everyone","http://wso2.org/claims/fullname":"wickrema","http://wso2.org/claims/modified":"2020-04-11T20:53:33.922Z","http://wso2.org/claims/emailaddress":"wickrema@abc.com","http://wso2.org/claims/lastname":"Edirisooriya","http://wso2.org/claims/givenname":"Wickrema","http://wso2.org/claims/resourceType":"User","http://wso2.org/claims/userprincipal":"wickrema"}} Outcome=Success
TID: [-1234] [2020-04-12 18:53:06,794] [http://localhost/drupal-8.8.5/en/saml_login] INFO {AUDIT_LOG} - Initiator : wickrema | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "4f08f619-e1dd-43be-8119-6cc7ea7238ee","AuthenticatedUser" : "wickrema","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "simplesamlphp","RequestType" : "samlsso","RelyingParty" : "simplesaml","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNTg2NzA2Nzg2NzcxMzAwMCwiaWF0IjoxNTg2NzA2Nzg2NzcxLCJpZHBzIjpbeyJpZHAiOiJMT0NBTCIsImF1dGhlbnRpY2F0b3IiOiJCYXNpY0F1dGhlbnRpY2F0b3IifV19." } | Result : Success
Images
- More from the HTTP logs
0:0:0:0:0:0:0:1 - - [12/Apr/2020:20:04:20 +0300] GET /samlsso?SAMLRequest=fZJRT4MwEMe%2FCuk7a2EdyxpYMrcYl0wlG%2Frgi%2BlokSalxV5x%2Bu0FpnG%2B7KnN3f3%2B%2F7trU%2BCNbtmq87XZy%2FdOgg8%2BG22AjYkMdc4wy0EBM7yRwHzJDqv7HYsnhLXOeltajS6Q6wQHkM4ra1Cw3WTolc5oRZOjmJMpp1WViGRBovmUz%2BKSCCGiOJmRhSA0Iih4lg56MkO9UI8DdHJrwHPj%2BxCJSUhoGMVFNGeEspi8oGDTT6MM9yNVe98Cw1jbkuvagmcLSqd46BnAomD129raGuga6Q7SfahSPu13Z%2FiSxaCaVssBxo0VXX8dlTC04xmHvIRJW7f4BDYOoUVB%2FrOsG2WEMm%2FX93Q8FwG7K4o8zB8PBVqmgzAb53bLP%2F8UX8bT83s%2B9IrbTW61Kr%2BCW%2Bsa7q8bDhElwmosZd5xA0oa369Fa3taO8m9zJB3nUR4ebb8%2F2uW3w%3D%3D&RelayState=http%3A%2F%2Flocalhost%2Fdrupal-8.8.5%2Fen%2Fsaml_login HTTP/1.1 200 6020 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36 Edg/80.0.361.111 0.043
- Below is the authsources and identity provider configuration
- When I did a cookies check as suggested in the comments, this is what I found.
Adding answer as steps as requested
By design, domain names must have at least two dots; otherwise the browser will consider them invalid. (See reference on http://curl.haxx.se/rfc/cookie_spec.html)
When working on localhost, the cookie domain must be omitted entirely.
Modify the file /etc/hosts by adding the following entry
localhost.com 127.0.0.1
Then use the domain as localhost.com
For better cookie tracing in your browser, also follow the steps in the link https://brainshark.zendesk.com/hc/en-us/articles/205043644-Performing-a-Browser-Trace-Chrome
- Checkboxes and radios that fail validation do not get a red border
- How to Install Kint Globally Drupal - Without Devel Module
- Drupal 11: How do I use a custom field with multiple values programmatically?
- What is the equivalent of hook_page_alter()?
- Add conditional stylesheet into the Drupal's Chameleon theme
- How to access phpmyadmin on DDEV Windows 10 pro localhost with SSL record too long error
- drupal page.tpl.php content variable?
- Drupal: I've deleted a nodequeue and now I get the following errors
- Drupal6: how to handle private and public file storage?
- DRUPAL, Views module: can I dynamically change the number of columns of my grid?
- Drupal Search API custom search field order
- How to create Hidden type Field in Drupal 8 Entity
- How to get drupal webform module submitted value programmatically?
- Nginx config: how to use auth_basic authentication if ssl_client_certificate none provided?
- Loading views_accordion through an ajax request
- Drupal 7: how do I add the async attribute to an external JS script when using drupal_add_js?
- Problem with Webform Mail Chimp on Drupal 8.7.8
- Solr 7 Forcing q value
- Drupal 8 Delete layout prefix
- Stop the current video from playing when the next button is clicked in Drupal 7
- Drupal How to fix notice unserialize() and Undefined index?
- Retreiving a user cookie
- Drupal 9 - Message and message statut system blocks are not displayed
- Varnish Strategy to Cope with Scraping Bots
- Drupal 7 Module Dependencies
- Empty records in Drupal CMS after bulk insert
- Drupal 11 - programatically create vocabulary with custom field
- How to check if a user is logged_in in a Drupal site via JavaScript?
- How can I create and load a second database in ddev?
- Cloudfront + Varnish - Revalidations