Plone add-on for SAML integration

My version of Plone is 5.1.6 and I am currently using plone.app.ldap for LDAP integration. My agency is switching over SAML integration. Which Plone add-on would be best for my version of Plone? Any advice or help would be most appreciated.

Thanks so much,
Angela

Angela, what type of provider is used for SAML? We're using metadata exchange with Shibboleth and the dm.zope.saml2 add-on (on PyPI). I've been slow to actually test it because our SSO folks are currently MIA and I've got plenty of other projects.

Have a look at quintagroup's doc SAML2 Plone integration tutorial with Auth0 — Quintagroup

Thanks so much @riker11451. I will give it a try!

Cheers,
Angela


Angela,

How are your SAML adventures going?

I've managed to get dm.zope.saml2 and friends installed and have been working with our Shibboleth admins. I've been able to share metadata correctly but seem to be having an issue with our login redirection and maybe xmlSec?

I think I have to figure out how the xmlSec machinery works to get it to verify the cert that's being passed. Has anyone else gotten this far?

Cheers!

Thanks so much for asking @riker11451

I am stuck and don't quite know what to do next. I have added the following to my buildout:

eggs +=
    ....
    dm.zope.saml2

zcml =
    ....
    dm.zope.saml2

Getting distribution for 'dm.xmlsec.binding'.
Couldn't find index page for 'lxml' (maybe misspelled?)
No local packages or working download links found for lxml>=3.0
error: Could not find suitable distribution for Requirement.parse('lxml>=3.0')
An error occurred when trying to install dm.xmlsec.binding 2.2. Look above this message for any errors that were output by easy_install.
While:
  Installing client1.
  Getting distribution for 'dm.xmlsec.binding'.
Error: Couldn't install: dm.xmlsec.binding 2.2

I have the following downloaded packages in my buildout-cache:
buildout-cache/downloads/dist/lxml-4.9.3.tar.gz
buildout-cache/downloads/dist/xmlsec-1.3.13.tar.gz
buildout-cache/downloads/dist/dm.xmlsec.binding-2.2.tar.gz
buildout-cache/downloads/dist/dm.xmlsec.binding-1.3.7.tar.gz
buildout-cache/downloads/dist/dm.xmlsec.pyxb-1.1.tar.gz
buildout-cache/downloads/dist/PyXB-1.2.6.tar.gz
buildout-cache/downloads/dist/dm.reuse-2.2.tar.gz
buildout-cache/downloads/dist/dm.zope.schema-4.0.1.tar.gz
buildout-cache/downloads/dist/dm.zope.saml2-5.0.1.tar.gz

Don't quite know what to do next. Any help or advice would be most appreciated.

Thanks so much,
Angela

sudo apt install libxmlsec1-dev

Edit: note that we used the integration package with python3 fixes: GitHub - sixfeetup/collective.saml2: Installation of SAML2 web single-sign-on for Plone (dm.zope.saml2). Maybe your libxml prerequisite will be different.

I have already installed libxmlsec1-dev and even tried collective.saml2 and still end up with the same error message:

Getting distribution for 'dm.xmlsec.binding>1.1'.
Couldn't find index page for 'lxml' (maybe misspelled?)
No local packages or working download links found for lxml>=3.0
error: Could not find suitable distribution for Requirement.parse('lxml>=3.0')
An error occurred when trying to install dm.xmlsec.binding 2.2. Look above this message for any errors that were output by easy_install.
While:
  Installing client1.
  Getting distribution for 'dm.xmlsec.binding>1.1'.
Error: Couldn't install: dm.xmlsec.binding 2.2

I am having issues installing dm.xmlsec.binding 2.2.

Angela Wong via Plone Community wrote at 2023-9-6 22:20 +0000:

I have already installed libxmlsec1-dev and even tried collective.saml2 and still end up with the same error message:

Getting distribution for 'dm.xmlsec.binding>1.1'.
Couldn't find index page for 'lxml' (maybe misspelled?)
No local packages or working download links found for lxml>=3.0
error: Could not find suitable distribution for Requirement.parse('lxml>=3.0')
An error occurred when trying to install dm.xmlsec.binding 2.2. Look above this message for any errors that were output by easy_install.
While:
  Installing client1.
  Getting distribution for 'dm.xmlsec.binding>1.1'.
Error: Couldn't install: dm.xmlsec.binding 2.2

dm.xmlsec.binding depends on lxml.
For some (unknown) reason, no lxml>=3.0 distribution is found in your
case. This is strange, because lxml==4.9.3 is available on PyPI.

I know about one problem with dm.xmlsec.binding and buildout:
dm.xmlsec.binding has a lxml dependency both in its
setup_requires and install_requires. To resolve setup_requires
dependencies, buildout does not set up the buildout configuration, i.e.
the buildout configuration options index and find-links are not
applied.
Usually, this should not make a problem because lxml can be found on PyPI
(the default index). However, older buildout versions access PyPI
via http and nowadays PyPI requires https.
Such older buildout versions require an index definition telling
buildout to use https for PyPI access. And such a definition is
not applied for the resolution of setup_requires dependencies.

My suggestion: try to use the newest buildout version compatible
with your setup. Maybe, this will resolve the issue.

Note that there may still be a problem: the lxml version
used to resolve setup_requires may be different from that
used by your Plone installation. However, the likelihood of
corresponding problems is small: dm.xmlsec.binding depends
only weakly on lxml for its setup -- small parts of the interface
description files and those are quite stable across lxml versions.
If the compilation of dm.xmlsec.binding succeeds, you should not
have further problems.

If using the newest buildout version compatible with your setup
does not resolve the problem, you may try to install
dm.xmlsec.binding manually.
You have several options:

  1. install it via pip in the virtual env used by your setup.

    BUT this may have unexpected side effects:
    I have observed problems when some packages of a namespace package
    (e.g. the "dm" above) have been directly installed in the virtual env
    and others have been installed via buildout: the path for such
    a namespace package was not set up correctly resulting in
    import failures for some subpackages.

  2. install it via pip and create from the installation a folder
    in the eggs directory used by your buildout installation
    representing the installation for buildout.

    BUT this is not easy: a modern pip installation
    uses a different layout than the one used by buildout:
    pip typically puts package metadata into an EGG_INFO and
    copies the package code into the normal folder structure
    determined by the package name (this means that subpackages
    of the same namespace package share upper folder levels);
    buildout, too, uses EGG_INFO but part of the metadata
    is coded in the folder name, the package code is managed
    in its own folder tree (no sharing) and an ".pth" file is required.

When you install manually, you must ensure that the manual installation
uses the same versions (both for primary installation as well as for
its dependencies) as those used by buildout.
You can achieve this via a pip requirements or constraints file.

As you see from the description above, manual installation may not be easy.
A further option is to use LXML_HOME.

dm.xmlsec.binding only uses lxml in its setup_requires
if the environment variable LXML_HOME is not set.
Thus, the setup_requires/buildout problem disappears when this envvar is set.
However, the value of this envvar must point to the source of
the correct lxml version. Thus, you must download this source
and let the envvar point to it.


Thank you SO MUCH for your help. I apologize for the slow response. We were trying to troubleshoot our Plone setup to see why we could not install your product. As it turned out, it was our LDAP setup that was messing up the SAML installation. We had to remove the LDAP setup before we could install SAML. I think we may have had a development version of LDAP that was not stable. Thank you again for your help. It is very much appreciated.

We have been using Quintagroup's tutorial at SAML2 Plone integration tutorial with Auth0 — Quintagroup to help us with the SAML configuration. They are using Auth0 in their example. Is the setup for Azure the same as for Auth0? Any advice would be most appreciated. Thank you.

@angelawong I wrote a new saml plugin, which includes a HowTo in the Readme on how to configure an azure enterprise app as IDP: New saml2 Plugin for Plone 6 based on python3-saml. This applies to all SAML plugins.

Mathias, thank you.

Would this help with our Plone 5.1 installation?

Thanks so much,
Angela

Not the plugin, but the documentation regarding azure should help

This has been used in production with Plone 5.2.

Uses the msal library (on PyPI) to authenticate into Azure Tenants and stores the auth token into a plone.session.

alessandro.

I tried to install msal to my Plone 5.2.1 with Python 2.7 and I keep getting this error:
ValueError: need more than 0 values to unpack

Please advise. Thanks so much!

These kinds of errors are related to buildout/setuptools version mismatches.

Try to use those recommended in the requirements of Plone 5.2.1:

From Plone 5.2.1 docker build:
ZC_BUILDOUT=2.13.2
SETUPTOOLS=45.0.0

From constraints_plone.txt in the product:
setuptools==40.2.0

If it still doesn't work please post full traceback.

alessandro.