Topic on Extension talk:SimpleSAMLphp

Setting secure cookie on plain HTTP is not allowed

2 comments 12:58, 17 July 2023 9 months ago
2
S0ring (talkcontribs)

If attempt to set the secure flag to prevent cookies being sent over plain text connection in SimpleSAMLphp

'session.cookie.secure' => true,

then the error occurs:

[a66d809e0f1359fa7d2bcefc] /index.php/Spezial:PluggableAuthLogin SimpleSAML\Error\CriticalConfigurationError from line 306 of /var/simplesamlphp/lib/SimpleSAML/Session.php: The configuration is invalid: Setting secure cookie on plain HTTP is not allowed.


Backtrace:

#0 /var/simplesamlphp/lib/SimpleSAML/Auth/Simple.php(53): SimpleSAML\Session::getSessionFromRequest()

#1 /var/www/html/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php(208): SimpleSAML\Auth\Simple->__construct(string)

#2 /var/www/html/extensions/SimpleSAMLphp/includes/SimpleSAMLphp.php(104): SimpleSAMLphp::getSAMLClient()

#3 /var/www/html/extensions/PluggableAuth/includes/PluggableAuthLogin.php(36): SimpleSAMLphp->authenticate(NULL, NULL, NULL, NULL, NULL)

#4 /var/www/html/includes/specialpage/SpecialPage.php(600): PluggableAuthLogin->execute(NULL)

#5 /var/www/html/includes/specialpage/SpecialPageFactory.php(635): SpecialPage->run(NULL)

#6 /var/www/html/includes/MediaWiki.php(307): MediaWiki\SpecialPage\SpecialPageFactory->executePath(Title, RequestContext)

#7 /var/www/html/includes/MediaWiki.php(940): MediaWiki->performRequest()

#8 /var/www/html/includes/MediaWiki.php(543): MediaWiki->main()

#9 /var/www/html/index.php(53): MediaWiki->run()

#10 /var/www/html/index.php(46): wfIndexMain()

#11 {main}

Edited 07:19, 9 June 2021 2 years ago
Cindy.cicalese (talkcontribs)

That is an error from the simplesamlphp library. It is correct: session.cookie.secure requires HTTPS.

13:40, 9 June 2021 2 years ago
Retrieved from "https://www.mediawiki.org/wiki/Topic:Waisaqounjdviv1p"