Drupal 10.6.1, doctrine/annotations and Simplesamlphp

just to let you know, its not unique to just you - i've also just experienced this

just seen that its been abandoned - https://packagist.org/packages/doctrine/annotations
i wonder if simplesaml will have updated itself with this in mind

the same problem on my site after update from Drupal 10.5.x to 10.6.2

I ran into the same issue updating to Drupal 10.6.2 and simpleSAMLphp 2.4.4; in my case running composer require doctrine/annotations to get doctrine/annotations 2.0.2 worked ok.

We are having a similar issue with 10.6.2.
It seems the module is not compatible with 10.6?

drupal/core-recommended is known to cause conflicts with more complex dependencies. It locks down specific minor versions that other projects conflict with. Removing that allows to install the most recent version of simplesamlphp.

There isn't much that this project can do about this.

simplesamlphp has complex dependency chains that frequently conflict with core, symfony, guzzle and others. As mentioned in the D11 issue, I strongly recommend to review if https://www.drupal.org/project/samlauth is sufficient for your requirements and switch. We did, and so did many others.

Thank you berdir I did see in many places recommendation to move to samlauth - do you have any guidlines or resources to point to about migration from simplesamlphp to samlauth module?

Not sure if this will help anyone, but I experienced this issue and found that clearing the SimpleSAMLphp cache solved it.

There's quite a bit of discussion in #3447463: Drupal 11 compatibility on the migration to samlauth, in #27 someone created a migration module, I didn't try it.

matason 's tip saved my bacon. Clearing the /var/cache/simplesamlphp/* cleared my error. (THANKS!)

Second that the cache clearing fix works - I had to check my simplesamlphp config file to find the cache dir (/tmp/simplesaml).

thank you Drupal community for your work on this, thank you , @matason, @benjamin_dk for sharing your solution, I followed it and SSO authentication works again on our Drupal 10.6 instance

keep good work!

You can try the SimpleSAMLphp (Symfony) console command to clear the cache.

Find the cache folder:

console about

Clear the cache without warmup

console cache:clear --no-warmup

All those SimpleSAMLphp cached files should be cleared after that.

We're also looking to move to samlauth.

In the meantime, clearing the simplesamlphp cache partially worked in our case. We can now authenticate to Drupal, but we're still unable to log into the simplesamlphp admin application (e.g. '/simplesaml/admin')—that still throws the same exception.

Been a few months since the last post here. We are running into issues using this module after upgrading to D11.3.8 due to the removal of doctrine/annotations and even when replacing that with v2.0.2 - the following error related to some sort of issue with the way the updated symfony/routing package (7.4.8) (which is required on D11) is interacting with our SAML login process. We get the following error when attempting to login and the IDP returns us to the site.

Did anyone have this same issue and find a fix? Or is the only solution to move away from simplesamlphp_auth. We were hoping to keep that solution in use for our SSO but are open to shifting to SAML Auth module if there is no workaround.

Backtrace:
2 src/SimpleSAML/Error/ExceptionHandler.php:47 (SimpleSAML\Error\ExceptionHandler::customExceptionHandler)
1 /var/www/docker_platform/vendor/symfony/error-handler/ErrorHandler.php:538 (Symfony\Component\ErrorHandler\ErrorHandler::handleException)
0 [builtin] (N/A)
Caused by: TypeError: Symfony\Component\Routing\Loader\AttributeClassLoader::__construct(): Argument #1 ($env) must be of type ?string, Doctrine\Common\Annotations\PsrCachedReader given, called in /tmp/simplesaml/saml/Container0czZbxY/SimpleSAML_KernelProdContainer.php on line 172
Backtrace:
11 /var/www/docker_platform/vendor/symfony/routing/Loader/AttributeClassLoader.php:65 (Symfony\Component\Routing\Loader\AttributeClassLoader::__construct)
10 /tmp/simplesaml/saml/Container0czZbxY/SimpleSAML_KernelProdContainer.php:172 (Container0czZbxY\SimpleSAML_KernelProdContainer::getRouting_LoaderService)
9 /tmp/simplesaml/saml/Container0czZbxY/SimpleSAML_KernelProdContainer.php:159 (Container0czZbxY\SimpleSAML_KernelProdContainer::getRouterService)
8 /tmp/simplesaml/saml/Container0czZbxY/SimpleSAML_KernelProdContainer.php:291 (Container0czZbxY\SimpleSAML_KernelProdContainer::getRouterListenerService)
7 /tmp/simplesaml/saml/Container0czZbxY/getHttpKernelService.php:22 (Container0czZbxY\getHttpKernelService::do)
6 /tmp/simplesaml/saml/Container0czZbxY/SimpleSAML_KernelProdContainer.php:95 (Container0czZbxY\SimpleSAML_KernelProdContainer::load)
5 /var/www/docker_platform/vendor/symfony/dependency-injection/Container.php:221 (Symfony\Component\DependencyInjection\Container::make)
4 /var/www/docker_platform/vendor/symfony/dependency-injection/Container.php:203 (Symfony\Component\DependencyInjection\Container::get)
3 /var/www/docker_platform/vendor/symfony/http-kernel/Kernel.php:204 (Symfony\Component\HttpKernel\Kernel::getHttpKernel)
2 /var/www/docker_platform/vendor/symfony/http-kernel/Kernel.php:193 (Symfony\Component\HttpKernel\Kernel::handle)
1 src/SimpleSAML/Module.php:240 (SimpleSAML\Module::process)
0 public/module.php:17 (N/A)

Hi @dak5859. We've just updated from D10.6.7 to D11.3.9. We have required doctrine/annotations (2.0.2) until we can move to samlauth.

We're able to authenticate successfully, so no error on returning form the IDP. But, attempting to visit the local simplesamlphp admin app did yield the same error you include above. In our case, clearing the simplesaml cache as recommended in #12 resolved the issue.

Thanks for the update @justcaldwell. As mentioned, I tried to enable doctrine/annotations 2.0.2 with that same error i posted.

How did you clear the simplesamlph cache? I couldn't find a cache dir in that /tmp/simplesaml directory and those console commands from #15 did not run properly with a "command not found" response. We're using Docker and memcache and also tried to restart memcache service but that did not appear to clear simplesamlphp cache.

The console commands never worked for me, either.

To do it manually, check your simplesamlphp config.php to see if the directory is defined there; look for the 'tempdir' key. So, something like:

$config['tempdir'] = '/tmp/some-directory';

Then delete the contents of 'some-directory'.

This is what i see in my config.php file when searching on 'tempdir'.

- 'tempdir': Saving temporary files. SimpleSAMLphp will attempt to create
* this directory if it doesn't exist.
* When specified as a relative path, this is relative to the SimpleSAMLphp
* root directory.
*/
'certdir' => 'cert/',
'loggingdir' => '/tmp',
'datadir' => 'data/',
'tempdir' => '/tmp/simplesaml',

When visiting that /tmp/simplesaml directory - i see it contains another directory called 'saml'. Are you saying I should delete that entire 'saml' directory?

That contains the following files and directories (Container0czZbxY, Symfony, pools):

-rw-r--r-- 1 root root 12288 May 6 08:44 .annotations.map.swp
drwxr-xr-x 2 www-data www-data 12288 May 5 12:35 Container0czZbxY
-rw-r--r-- 1 www-data www-data 893 Apr 17 10:25 SimpleSAML_KernelProdContainer.php
-rw-r--r-- 1 www-data www-data 0 Apr 17 10:25 SimpleSAML_KernelProdContainer.php.lock
-rw-r--r-- 1 www-data www-data 6117 Apr 17 10:25 SimpleSAML_KernelProdContainer.php.meta
-rw-r--r-- 1 www-data www-data 11240 Apr 17 10:25 SimpleSAML_KernelProdContainer.preload.php
drwxr-xr-x 3 www-data www-data 4096 Apr 17 10:25 Symfony
-rw-r--r-- 1 www-data www-data 98 Apr 17 10:25 annotations.map
drwxr-xr-x 3 www-data www-data 4096 Apr 17 10:25 pools

Are you saying I should delete that entire 'saml' directory?

Yes. Simplesamlphp will recreate it next time someone authenticates.

@justcaldwell AMAZING! That worked. I was able to successfully login via our dev OKTA app. I'm guessing we could do the same in our prod environment to make sure it works as expected too.

Also, if you don't mind answering, what was the local simplesamlphp admin app you were referring too? I'm not familiar with that UI so I don't believe it would be a blocker if it's still throwing that SAML error I posted for you as mentioned before.

If you enable it, simplesamlphp exposes a small admin app suite that provides to testing/admin tools. It's at simplesamlphp/simplesamlphp/public.

This all depends on your setup, where your vendor directory is, etc., but typically you'd have a symlink in your public web root that points to that 'public' directory so you can access it on your web server, e.g.

ln -s ../vendor/simplesamlphp/simplesamlphp/public docroot/simplesaml

Then you'd access it at https://yourserver.com/simplesaml/admin.

It's handy but not essential if authentication is working properly for you. If you don't see 'core' or 'admin' directories in /tmp/simplesaml, then it could be it was never enabled or used in your environment.

Understood. Looks I do have access to that UI via the path you mentioned in my test QA environment. Only see a SAML error when after I login and then go to "Federation" page. I don't think we'll need to play around in there anyway though. Thanks again for all of your help! Saved me a lot of time and lets us take our time with the transition to SAML AUTH module.

@justcaldwell fysa - i was doing some more testing and I ended up removing that doctrine/annotations (2.0.2) package from my lock file and the SAML login still worked in my test environment. So it appears that original error might have been directly caused by that stale simplesamlphp cache. Doesn't appear that doctrine/annotations package is needed after all (as that does get removed during the D10 to D11 upgrade)

Glad to help!

One last note: in the process of working through our upgrade to D11, I've realized that as long as the simplesamlphp cache is fully deleted, doctrine/annotations isn't needed to resolve this issue (for us at least). So we've removed it.

My mistake in #17 was that I only deleted the 'saml' cache directory, but left others.