phpSPO icon indicating copy to clipboard operation
phpSPO copied to clipboard
verified publisher icon vgrem

Authentication Problem with SamlTokenProvider.php Empty String

Open RezcommGuy opened this issue 6 years ago • 8 comments

Hi there,

Getting the issue below trying to use the phpSPO library, verified the user details and they are correct. Running from a local repo at the moment (via PHP -S localhost:8000). Messages in the PHP Error Log are the same.


Warning: DOMXPath::query(): Undefined namespace prefix in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 244

Warning: DOMXPath::query(): Invalid expression in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 244

Notice: Trying to get property 'length' of non-object in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 244

Warning: DOMXPath::query(): Undefined namespace prefix in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 251

Warning: DOMXPath::query(): Invalid expression in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 251

Notice: Trying to get property 'length' of non-object in /Users/user/repo/ana-sharepoint/phpSPO/src/Runtime/Auth/SamlTokenProvider.php on line 251
Authentication failed: Error trying to get a token, check your URL or credentials```

RezcommGuy avatar Mar 08 '19 09:03 RezcommGuy

I got the same thing here.

This is the stack trace:

#0 C:\...\vendor\vgrem\php-spo\src\Runtime\Auth\SamlTokenProvider.php(159): Office365\PHP\Client\Runtime\Auth\SamlTokenProvider->processSecurityTokenResponse(NULL)#1 C:\...\vendor\vgrem\php-spo\src\Runtime\Auth\SamlTokenProvider.php(101): Office365\PHP\Client\Runtime\Auth\SamlTokenProvider->acquireSecurityToken('username', 'password)
#2 C:\...\vendor\vgrem\php-spo\src\Runtime\Auth\AuthenticationContext.php(69): Office365\PHP\Client\Runtime\Auth\SamlTokenProvider->acquireToken(Array)
#3 C:\...\fileupload.php(10): Office365\PHP\Client\R in C:\...\vendor\vgrem\php-spo\src\Runtime\Auth\SamlTokenProvider.php on line 256

This is the raw data received in the method acquireSecurityToken():

<?xml version="1.0" encoding="utf-8"?><S:Envelope xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Header><psf:pp xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:serverVersion>1</psf:serverVersion><psf:authstate>0x80048800</psf:authstate><psf:reqstatus>0x80045c01</psf:reqstatus><psf:serverInfo ServerTime="2019-03-11T16:27:19.0449149Z">PROD-AMS2-002.ProdSlices rid:d2891a2a-b27c-4b25-9011-cded72586400</psf:serverInfo></psf:pp></S:Header><S:Body xmlns:S="http://www.w3.org/2003/05/soap-envelope"><S:Fault><S:Code><S:Value>S:Sender</S:Value><S:Subcode><S:Value>wst:InvalidRequest</S:Value></S:Subcode></S:Code><S:Reason><S:Text xml:lang="en-US">Invalid Request</S:Text></S:Reason><S:Detail><psf:error xmlns:psf="http://schemas.microsoft.com/Passport/SoapServices/SOAPFault"><psf:value>0x80045C01</psf:value><psf:internalerror><psf:code>0x80045C01</psf:code><psf:text>AADSTS90023: Invalid STS request.</psf:text></psf:internalerror></psf:error></S:Detail></S:Fault></S:Body></S:Envelope>

So you don't have to search the XML string, the error message is Invalid STS request

RoelVB avatar Mar 11 '19 16:03 RoelVB

It looks like Microsoft stopped supporting SAML 1.0, but a cannot find anything about this. As far a I know there is no other SAML version that supports authentication with just a username and password.

RoelVB avatar Mar 18 '19 15:03 RoelVB

anyone solved this?

Eiglimar avatar May 30 '19 19:05 Eiglimar

Also looking for a solution to this.

briandgregory avatar Aug 23 '19 19:08 briandgregory

If your password has special characters it can interfere with XML syntax, please try only alphanumeric password or escape your password.

evolvoltd avatar Sep 05 '19 08:09 evolvoltd

Same problem !

thomasschaller1 avatar Sep 12 '19 15:09 thomasschaller1

I have the same problem when password is using special characters (some of them) for example "%," but not always fail.

Case 1: When password starts with "%Ea" there is no problem everithing works ok... Case 2: When password have something like "Abc%83421" , then the respond in adquiringToken fail in SamlTokenProvider.php

I have treid to escape "%" using &%percent; and using &#25, and even escaping the numbers that follow the % but no luck, any idea how this can be solved?

Regards.

Carlosru avatar Jul 11 '20 14:07 Carlosru

Any news on this ? Was it patched ?

valimero avatar Nov 23 '20 10:11 valimero