# adobe
b
Any CFConfig users on Adobe who are using one or all of the following settings
• Services > Cloud credentials
• Services > Cloud Configuration
• Security > IDP Configuration
• Security > SP Configuration
who want to help smoke test support for these settings in CFConfig for me?
j
I use the IDP/SP ones
b
And you use CFConfig?
j
yes
b
Ok, let me cut a beta release for you to try real quick. I'm just a little nervous adding a bunch of stuff with only me testing some super contrived examples
@John Liljegren Can you please update your CFConfig version
```
update --system
```
and test importing and exporting your settings?
If you run
```
cfconfig show
```
you should see the SAML stuff there under the keys `SAMLIdentityProviders` and `SAMLServiceProviders`
Those configs should come out into the JSON files
```
cfconfig export .cfconfig.json
```
and go back into a fresh server
```
cfconfig import .cfconfig.json
```
And they should show up in the diff command
```
cfconfig diff server1 server2
# or...
cfconfig diff server1 .cfconfig.json
```
j
what is the cfconfig version
i updated to 1.10.4, but not seeing those keys
b
Can you show me your
```
list --system
```
output?
The `cfconfig-services` package should have `-beta` on the end of the version
j
```
Dependency Hierarchy for CommandBox System (1.0.0)
├─┬ commandbox-cfconfig (1.10.4)
│ └─┬ cfconfig-services (1.19.0-beta)
│   ├── lucee-password-util (1.0.3)
│   ├── coldbox ()
│   ├── testbox ()
│   ├─┬ JSONPrettyPrint (1.4.1)
│   │ ├── coldbox ()
│   │ └── testbox ()
│   ├─┬ adobe-password-util (1.0.8)
│   │ └── propertyFile ()
│   ├─┬ semver (1.2.6)
│   │ └── testbox ()
│   └── propertyFile (1.3.2)
└── commandbox-hostupdater (1.9.2)
```
b
looks good
Did you restart CommandBox just for good measure?
Also, can you confirm the server you're looking at has config for those items present?
j
exiting the shell and starting again seems to have helped
i now get an error
b
What is it?
j
```
The parameter [entityId] to function [addSAMLIdentityProvider] is required but was not passed in.
\modules\commandbox-cfconfig\modules\cfconfig-services\models\BaseAdobe.cfc: line 234
232: if( !isNull( thisIdentityProvider.SSOURL ) ) { params.SSOURL = thisIdentityProvider.SSOURL }
233:
234: addSAMLIdentityProvider( argumentCollection = params );
235: }
236: }
called from \modules\commandbox-cfconfig\modules\cfconfig-services\models\BaseAdobe.cfc: line 174
called from \modules\commandbox-cfconfig\modules\cfconfig-services\models\CFConfigService.cfc: line 248
called from \modules\commandbox-cfconfig\commands\cfconfig\export.cfc: line 176
called from \system\services\CommandService.cfc: line 443
called from \system\services\CommandService.cfc: line 225
called from \system\Shell.cfc: line 820
called from \system\Shell.cfc: line 635
called from \system\Bootstrap.cfm: line 160
```
b
Interesting - do you have an IP without an entity?
From what I saw in the cf admin web UI, that was a required field
j
i'm pretty sure this is because there's a bug where you can generate an IdP without an entityID, yeah
b
lol, ok. Well, I can remove that requirement in CFConfig. I was just trying to prevent invalid configs from being loaded.
Please update and try again
You can just run
```
reload
```
in the shell to reload CommandBox after the update
j
working now! looks good, i'll try to test more later
b
Thanks!
j
thank you!
b
You can thank my client who sponsored the feature 😆 😁
j
i think there's an issue
• i started getting this: class coldfusion.server.ConfigMap cannot be cast to class coldfusion.saml.SpConfiguration (coldfusion.server.ConfigMap is in unnamed module of loader coldfusion.bootstrap.BootstrapClassLoader @77602954; coldfusion.saml.SpConfiguration is in unnamed module of loader org.apache.felix.framework.BundleWiringImpl$BundleClassLoader @3d15207b)
i think the classes get pulled in wrong
b
Hmm, I assume that is related to WDDX and the fact that it's dumb, but I'm not sure why you're getting that and no one else is
And by "no one else", I pretty much mean the other two people who have tested this, lol
Is there a stack trace for your error?
j
just what i posted i think
b
hmm, seems like there should be more
Are you seeing that in the CLI or in your server logs?
j
i'm in the administrator, there is probably more
but i'm pretty sure the issue is this:
```
<data>
  <struct type="coldfusion.server.ConfigMap">
    <var name="IdentityProvidersMap">
      <struct type="coldfusion.server.ConfigMap">
        <var name="mma3">
          <struct type="coldfusion.server.ConfigMap">
```
that last struct should be coldfusion.saml.SpConfiguration
b
Ahh, so you're seeing this in the actual web admin?
j
i mean coldfusion.saml.IdpConfiguration
b
They are terrible about not showing the full error messages
j
yeah, just by going to edit one
b
Yes, I assume that's the issue as well
j
the error also does trip if i try to use saml functions
b
WDDX is stupid and Adobe NORMALLY uses ConfigMap for their structs, but not always
I don't know why they couldn't just use normal structs
I still don't understand why I didn't see that error
Do you have the exact steps you took to reproduce this?
j
i just tried to use saml today after doing the export and import last week
let me delete all the sps and idps and try again
another thing i'm seeing
is idp metadataurl is not getting saved
and yeah that error happens if i add an idp, export config, restart server w/config auto imported
probably would w/sp too
b
Yeah, I see the issue there
Adobe sometimes makes custom java classes to map to the WDDX structs
But in addition to not even loading typed structs correctly in WDDX, Lucee also doesn't even have access to those Java classes so it doesn't know how to deserialize them.
So I have to strip the types out of the WDDX XML before parsing it and then blindly stick them back in when storing the XML again
Adobe's admin uses `ConfigMap` for 99% of their WDDX files, but in a few cases they try to get clever and it seems this is another one of those
Which leads to crappy workarounds in CFConfig like this
```
wddx action='cfml2wddx' input=data output='local.thisConfigRaw';
thisConfigRaw = thisConfigRaw.replaceNoCase( '<struct>', '<struct type="coldfusion.server.ConfigMap">', 'all' );
// Adobe started erroring out if the connectionProps struct was of type ConfigMap.
thisConfigRaw = thisConfigRaw.replaceNoCase( '<var name=''CONNECTIONPROPS''><struct type="coldfusion.server.ConfigMap">', '<var name=''CONNECTIONPROPS''><struct>', 'all' );
```
I've just got to figure out how to identify the XML parts that need custom types for SAML and replace them
I think I didn't notice it since Adobe only reads the file when starting. When I would make changes to a running server, Adobe was just using the config it had cached in memory
I see Adobe also decided to use a HashMap as well. 🤔
```
<var name='IdentityProvidersMap'>
  <struct type='java.util.HashMap'>
    <var name='sdfsdfasdf'>
      <struct type='Lcoldfusion.saml.IdpConfiguration;'>
```
Regarding the IDP metadata URL, can you show me where that is?
I tested using the "Create your own SAML Definition" option and there doesn't appear to be any metadata URL I can find
perhaps this is specific to one of the other methods of creating an IDP, such as "Import from SAML URL" but I don't have a SAML URL and even though I tried Googling for one during development, I wasn't able to find one to test with.
Can you show me how to get an IDP MetaData URL?
@John Liljegren
j
hey sorry, yeah i have a local docker server i use
but there are public ones, let me see
actually i recommend just going with your own local one: https://github.com/kenchan0130/docker-simplesamlphp
then you can confirm things work
b
That sounds like way too much work, lol
Can you just show me where in the WDDX the URL saves?
j
sure
```
<var name='IdentityProvidersMap'>
  <struct type='coldfusion.server.ConfigMap'>
    <var name='SAM'>
      <struct type='Lcoldfusion.saml.IdpConfiguration;'>
        <var name='description'>
          <string></string>
        </var>
        <var name='encryptRequests'>
          <boolean value='false'/>
        </var>
        <var name='metadataUrl'>
          <string>http://localhost:8080/simplesaml/saml2/idp/metadata.php</string>
        </var>
        <var name='signRequests'>
          <boolean value='false'/>
        </var>
      </struct>
    </var>
  </struct>
</var>
```
b
Wow, interesting. So that's all it stores in that case?
I assumed it just imported all the details and stored like the other options
j
yeah just the url
b
I can add that `metaDataUrl` to save as well
It's really annoying when acronyms like `URL` are stored as `Url` to me, lol
Our Ortus coding standards say to upper case acronyms
j
even if it starts with the acronym?
NCAASchool vs ncaaSchool... yeah kinda tough
b
Yep, always upper
That way it's consistent
Ok @John Liljegren can you please update to the latest CFConfig and give this a try
• metadataURL should be saving for IDP
• The WDDX struct types for `SpConfiguration` and `IdpConfiguration` should be saving correctly
Let me know if it's all working
j
getting back to testing this, and it looks like signKeystoreAlias is not getting exported
seems like it's getting imported just fine
@bdw429s
b
Where is that field at?
Which admin screen?
j
SP Configuration
(btw, I just asked a question re: commandbox and podman in the #lucee channel... hoping you may have some insight!)
b
Yep, there was a typo on the code that reads `signKeystoreAlias`
@John Liljegren Alright, update and try again please
j
looks good now!