Upgrade simplesamlphp version

Although the patch itself is relatively simple, I thank you for patching.

I think we need to do some proper testing for all usecases. here is a list of changes introduced in 1.15x
https://simplesamlphp.org/docs/1.15/simplesamlphp-upgrade-notes-1.15
and
https://simplesamlphp.org/docs/1.15/simplesamlphp-changelog#section_1

I havent personally got the time to test the upgrade, but lets leave this thread open to fully evaluate the upgrade path.

@Heisen-blue what version of D8 are you running? I ran into a Twig error with 8.3.7

Hi @Heisen-blue & @dmundra
Also this current version having an issue as it's missing all the files under config/ folder

[2017-12-19 11:12:14] php.ERROR: Exception: Missing configuration file: {project-path}vendor/simplesamlphp/simplesamlphp/config/config.php in SimpleSAML_Configuration::loadFromFile() (line 122 of {project-path}vendor/simplesamlphp/simplesamlphp/lib/SimpleSAML/Configuration.php). 

@AhmadZain
مرحبا، كيف هو فودافون؟

I will update the install instructions when using composer to install simplesaml in vendor folder.

@heisen-blue sorry for the delay. I highlighted the error here: https://www.drupal.org/project/simplesamlphp_auth/issues/2930366. I am still waiting to upgrade the site to 8.4.3.

For me it worked to comment out the following lines in simplesamlphp/simplesamlphp/config/config.php

/*
'session.phpsession.cookiename' => 'SimpleSAML',
'session.phpsession.savepath' => null,
'session.phpsession.httponly' => true,
*/

when I was using sql as a storage

'store.type'                    => 'sql',

This was explained at https://github.com/simplesamlphp/simplesamlphp/issues/517#issuecomment-2...

@dakku يا مرحب كله تمام :)
this will be appreciated bro ;)

I missed you mate ...

@Heisen-blue
Thanks for the tip ;)

Something changed in the composer.json so the patch does not apply anymore. Rerolled the patch.

1.15.2 is out: https://simplesamlphp.org/docs/1.15/simplesamlphp-changelog#section_2 and works fine with 8.3.7 and 8.4.4

Any update on this? It seems as though simplesamlphp will only work with memcache and PHP 7.1 if the version of simplesamlphp is >= 1.15. Anyone using composer based Drupal installs (i.e., BLT) is handcuffed by the fact that simplesamlphp_auth's composer.json pins it to 1.14.x

Guys, I am happy to update to the latest version. We have a number of open threads regarding updating the lib version. I personally dont have time to test the lib upgrade yet.

There seems to miscellaneous issues relating to 1.5x: see
https://www.drupal.org/project/simplesamlphp_auth/issues/2912807

I am assuming this has been tested already by someone?

Brian, on the Acquia client websites did you try the patch? Did all the functionality work? Could you share any findings from having used the patch?

Since 1.15.3 is now out the previously posted patches will conflict with roave/security-advisories on composer-managed projects. Attached is an updated patch which resolves both the dependency and upgrade issues.

Hey Janak, hope you're doing well! I don't if anybody has thoroughly tested the updated library yet, but one thing is for sure, 1.15.2 is a security release and it means users are forced to be pinned to an insecure release currently, which isn't great.

Also, Composer-managed sites cannot simply patch simplesamlphp_auth's composer.json file since AFAICT the way Composer works with the sub-tree split doesn't allow for that (or it's too late in the process, just check composer.lock to confirm). The only workaround is to fork the module as if it was a custom module.

My suggestion going forward wouldn't be to pin the version at all, but to let sites stick to the latest library (minor) version always and report back if/when they see issues.

Hey Aurelien,
How are you doing? Long time no speak mate, how are things?

My suggestion going forward wouldn't be to pin the version at all, but to let sites stick to the latest library version always and report back if/when they see issues.

Makes sense to me :) I will roll out a 1.15x release to dev and open it for feedback.

Thanks again everyone for your input.
Please try RC6 and post any bugfixes.

Gathering patches for dependencies. This might take a minute.
  - Updating robrichards/xmlseclibs (1.4.2 => 3.0.1): Downloading (100%)
  - Updating simplesamlphp/saml2 (v1.9.1 => v3.1.2): Downloading (100%)
  - Updating simplesamlphp/simplesamlphp (v1.14.17 => v1.15.2): Downloading (100%)
  - Updating drupal/simplesamlphp_auth (3.0.0-rc5 => 3.0.0-rc6): Downloading (100%)
Writing lock file

All is well :-)

Thanks so much for the quick turnaround time, Janak!