On 8/9/24 22:59, Anton Hvornum ([email protected]) wrote:
I've attempted to get SAML login working using the following guide:
https://bluntlab.space/posts/sogo-saml-keycloak/
Currently I'm running apache, memcached, sogo and postgresql in a
docker compose environment while keycloak, postfix and dovecot are
running externally.
This is an excerpt from sogo.conf:
```
SOGoCacheCleanupInterval = 3600;
SOGoAuthenticationType = saml2;
NGImap4AuthMechanism = SAML;
SOGoSAML2IdpMetadataLocation = "/etc/sogo/idp-metadata.xml";
SOGoSAML2PrivateKeyLocation = "/etc/sogo/saml.privkey.pem";
SOGoSAML2CertificateLocation = "/etc/sogo/saml.cert.pem";
// SOGoSAML2IdpPublicKeyLocation = "/etc/sogo/idp.key";
// SOGoSAML2IdpCertificateLocation = "/etc/sogo/idp.crt";
SOGoSAML2LoginAttribute = "username";
SOGoSAML2LogoutEnabled = YES;
SOGoSAML2LogoutURL = "https://sogo.domain.com";
```
When visiting https://sogo.domain.com/SOGo I get redirected to the
Keycloak realm SSO prompt, credentials are accepted and it redirects
me back to what I configured in Keycloak to be "Assertion Consumer
Service POST Binding URL":
https://sogo.domain.com:443/SOGo/saml2-signon-post
But once there, I keep hitting:
```
sogod [11]: 192.168.0.10 "GET /SOGo HTTP/1.1" 302 0/0 0.002 - - 0 - 11
sogod [11]: |SOGo| starting method 'POST' on uri
'/SOGo/saml2-signon-post'
sogod [11]: |SOGo| traverse(acquire): SOGo => saml2-signon-post
sogod [11]: |SOGo| do traverse name: 'SOGo'
sogod [11]: |SOGo| do traverse name: 'saml2-signon-post'
sogod [11]: |SOGo| set clientObject: <SOGo[0x0x5a13bcaa3e80]: name=SOGo>
sogod[11:11] EXCEPTION: <NSException: 0x5a13bcc7dd10>
NAME:NSInvalidArgumentException REASON:Tried to add nil value for key
'login' to dictionary INFO:{}
```
Any idea why SOGo (or is it a library like lasso) would generate
"Tried to add nil value for key 'login' to dictionary INFO:{}"?
//Anton
From my limited ability to debug Objective-C, it appears that the error
is caused by:
https://github.com/Alinto/sogo/blob/b602b2b188ce6c331875450c6b1dbe48240f4ff7/UI/MainUI/SOGoSAML2Actions.m#L176
```objectivec
newSession = [SOGoSAML2Session SAML2SessionInContext: context];
[newSession processAuthnResponse: [rq formValueForKey: @"SAMLResponse"]];
login = [newSession login];
```
Where `[newSession login]` is `nil`?
My next obsession is going to be guessing what could be missing in the
SAML response from keycloak. Here's the post-back data from keycloak:
https://0x0.st/XWZs.txt
//Anton
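A small diagnostic for the "what is missing from the SAML response" step above, added here as an example and not part of the thread or of SOGo: it decodes the base64 `SAMLResponse` form field that the IdP posts to `saml2-signon-post` and reports whether the assertion carries a `NameID` and an attribute whose `Name` matches the configured `SOGoSAML2LoginAttribute`. It assumes a plain (unencrypted) assertion and that the attribute is matched by its `Name`; the embedded response is constructed, not the one from the post-back link.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}


def login_from_response(saml_response_b64, login_attribute):
    """Return (name_id, attribute_value) from a base64 SAMLResponse.
    Either element is None when the assertion does not carry it."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    # An encrypted assertion cannot be inspected without the SP key.
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return None, None
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return None, None
    name_id = assertion.findtext("saml:Subject/saml:NameID", None, NS)
    value = None
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == login_attribute:
            value = attr.findtext("saml:AttributeValue", None, NS)
            break
    return name_id, value


def diagnose(saml_response_b64, login_attribute="username"):
    """Human-readable verdict for the login attribute SOGo is configured to read."""
    name_id, value = login_from_response(saml_response_b64, login_attribute)
    if value is None:
        return "attribute %r missing from assertion (NameID=%r)" % (login_attribute, name_id)
    return "login attribute %r = %r" % (login_attribute, value)


# Constructed sample: NameID present, but the only attribute is "email",
# so a SOGoSAML2LoginAttribute of "username" finds nothing.
SAMPLE_RESPONSE = base64.b64encode(b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="email">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>""").decode()

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE))
```

Feed it the base64 value of the `SAMLResponse` field from the browser's POST and the verdict tells you whether the attribute name on the SOGo side and the mapper name on the Keycloak side actually agree.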