Getting a 403 forbidden error for simplesaml after Apache upgrade

StackOverflow https://stackoverflow.com/questions/23337446

  •  10-07-2023
  •  | 
  •  

Pergunta

My simplesaml was working perfectly until I upgraded Apache to 2.4.6 on Ubuntu

The error I was getting :

Forbidden

You don't have permission to access /simplesaml/ on this server.
Foi útil?

Solução

The instructions for installing simplesamlphp on Apache only require an alias for the simplesamlphp directory :

https://simplesamlphp.org/docs/stable/simplesamlphp-install#section_6

But for Apache 2.4.6+ the security has changed - it worked for me when I added a Directory directive. eg:

<VirtualHost *:80>
    ServerName mywebsite.dev
    DocumentRoot /home/myuser/www/mywebsite/

    <Directory /home/myuser/www/mywebsite/>
        Require all granted
    </Directory>

    Alias /simplesaml /var/simplesamlphp/www

    <Directory /var/simplesamlphp/www/>
        Require all granted
    </Directory>

</VirtualHost>

Outras dicas

While the chosen answer is correct I would like to add that SELinux can also cause this error. It took me a couple hours to realize that was my problem after following tons of examples online.

If you are running SELinux make sure you run the following command:

chcon -R --reference=/var/www /var/simplesamlphp

This will place the /var/simplesamlphp directory in the same security context as /var/www. You can't just place the /var/simplesamlphp/www directory in the same context because _include.php accesses files in /var/simplesamlphp/lib.

I hope this prevents someone from spending as much time on this problem as I did.

If you installed simplesamlphp via compose, this can be more complex. In addition to @RusselEngland's answer of needing to add proper Apache config, if you are still getting a 403, you need to make sure that this file is not being prevented by a rule in .htaccess.

Apache config:

<VirtualHost *:80>
    DocumentRoot /var/www/html

    Alias /simplesaml /var/www/html/vendor/simplesamlphp/simplesamlphp/www

    <Directory /var/www/html/vendor/simplesamlphp/simplesamlphp/www/>
        Require all granted
    </Directory>
</VirtualHost>

.htaccess (in /var/www/html);

<IfModule mod_rewrite.c>
    #...
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?.php
    RewriteCond %{REQUEST_URI} !/core/modules/statistics/statistics.php$
    RewriteCond %{REQUEST_URI} !^/simplesaml/*  # Add this condition
    RewriteRule "^(.+/.*|autoload)\.php($|/)" - [F]
</IfModule>
Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top