SimpleSamlPhp Infinite login loop (once again)

Question

Yes, I've read all these threads with this same title! After days of debugging, I think my problem are cookie mismatches.

I've used the basic code from https://simplesamlphp.org/docs/stable/simplesamlphp-sp for SP test (which you can find everywhere here)

require_once('../../lib/_autoload.php');
$as = new \SimpleSAML\Auth\Simple('default-sp');

if ($as->isAuthenticated ()) {

   $as->requireAuth();

}

$attributes = $as->getAttributes();
print_r($attributes);

I've tested several configurations targeting "store.type", "session.cookie.domain", and so on.

$as->isAuthenticated() get's never TRUE ...

For my question: I've found three cookies in browser context:

• Two from IdP named "SimpleSAML" and "SimpleSAMLAuthToken",
• One from SP named "SimpleSAMLSessionID".

Can somebody confirm if this correct or not?

Thanks!

Answer 1

The infinite-loop issue with SimpleSAMLphp occurs if the PHP script uses a different session ID than SimpleSAML. Or if the PHP script uses an uncommon location to store sessions.

Edit the simplesamlphp/config/config.php and look for these settings. Adjust them to your PHP script's session configuration.

'session.phpsession.cookiename' => 'PHPSESSID',  // Default is SimpleSAML
'session.phpsession.savepath' => '/var/www/html/system/session',  // Default is empty