acquia_config.php for SimpleSAMLphp does not work on Acquia Cloud ODE. #3437

Closed
wu-edward opened this issue Mar 8, 2019 · 5 comments · Fixed by #3498

@wu-edward

In the acquia_config.php included in BLT, the database credentials are extracted in lines 95-97:

$creds_json = file_get_contents('/var/www/site-php/' . $_ENV['AH_SITE_GROUP'] . '.' . $_ENV['AH_SITE_ENVIRONMENT'] . '/creds.json');
$databases = json_decode($creds_json, TRUE);
$creds = $databases['databases'][$_ENV['AH_SITE_GROUP']];

The hostname of the database is then looked up on lines 106-107:

$response = $resolver->query("cluster-{$creds['db_cluster_id']}.mysql", 'CNAME');
$creds['host'] = $response->answer[0]->cname;

On the ODE I want to run SSO tests on, $creds['db_cluster_id'] is null, so the host is empty, which causes an exception. I was able to fix this by hardcoding the database host for the specific ODE environment it was on.

But since https://support.acquia.com/hc/en-us/articles/360008830834 implies that ODEs should work, this code may need to be updated to get the DB host for ODEs.

@aweingarten
Contributor

@wu-edward, I am curious: how would you test SSO without a constant domain name? Every time that you spin up a new CDE, wouldn't you need to exchange new metadata with the domain? I ask because if you have a clever solution I would LOVE to steal it!

@wu-edward
Author

@aweingarten We spun up a CDE specifically for a PoC we're building that requires SSO, so unfortunately no cleverness involved.

@mikemadison13 mikemadison13 added the Bug Something isn't working label Mar 11, 2019
@danepowell
Contributor

Can you try replacing $creds['host'] = $response->answer[0]->cname; with $creds['host'] = key($creds['db_url_ha'])?

If that doesn't work, you may need to debug this a little more. Unfortunately I don't have access to an environment with SAML and CDEs to test this.

@lcatlett removed the code you are referring to in #2953; she might have insight as well.

@lcatlett
Contributor

If you use a relative path for the saml config then it can work on any environment - it is when baseurl and other config is hardcoded (and there may be some valid reasons) that it appears to 'work' only on one environment / site / hosting provider. It is more likely that this is the same issue I called out in #3492 (comment).

@wu-edward
Author

@danepowell I took your suggestion and set $creds['host'] based on whether the environment is an ODE.

@danepowell danepowell added this to the 10.0.0 milestone Mar 25, 2019
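
The host lookup and fallback discussed in this thread, as an added example that is not part of the issue, of any commenter's code, or of BLT's acquia_config.php. The field names `db_cluster_id` and `db_url_ha` come from the thread; the function name `resolve_db_host`, the `$cnameLookup` callable, the choice to fall back whenever `db_cluster_id` is empty, and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example, not BLT's acquia_config.php. db_cluster_id and db_url_ha
// are the fields named in the thread; the fallback order is an assumption.

/**
 * Resolve the database host from one entry of creds.json.
 *
 * @param array    $creds       Decoded $databases['databases'][<site group>].
 * @param callable $cnameLookup Hypothetical wrapper around the resolver query
 *                              quoted in the issue; returns a CNAME or null.
 */
function resolve_db_host(array $creds, callable $cnameLookup): string
{
    // Regular environments: look up cluster-<id>.mysql as the issue describes.
    if (!empty($creds['db_cluster_id'])) {
        $host = $cnameLookup("cluster-{$creds['db_cluster_id']}.mysql");
        if (is_string($host) && $host !== '') {
            return $host;
        }
    }

    // Case reported in the thread: db_cluster_id is null, so use the first
    // key of db_url_ha, as suggested in the comments.
    if (!empty($creds['db_url_ha']) && is_array($creds['db_url_ha'])) {
        $host = key($creds['db_url_ha']);
        if (is_string($host) && $host !== '') {
            return $host;
        }
    }

    // Fail with a clear error instead of handing an empty host to the
    // SimpleSAMLphp database configuration.
    throw new RuntimeException('Cannot determine database host from creds.json');
}

// Constructed sample data (not real credentials or hostnames).
$lookup = function (string $name): ?string {
    return $name === 'cluster-1234.mysql' ? 'db-a.example.internal' : null;
};
$normal = ['db_cluster_id' => 1234, 'db_url_ha' => ['db-a.example.internal' => 'mysqli://...']];
$ode    = ['db_cluster_id' => null, 'db_url_ha' => ['ode-db.example.internal' => 'mysqli://...']];

echo resolve_db_host($normal, $lookup), PHP_EOL;
echo resolve_db_host($ode, $lookup), PHP_EOL;
```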