Acquia provides a high-level configuration overview and a script to aid in SimpleSAMLphp setup. We recently updated the script with new functionality. The earlier script contained the following block:
// $ah_options['database_name'] should be the Acquia Cloud workflow database name which
// will store SAML session information.
// You can use any database that you have defined in your workflow.
// Use the database "role" without the stage ("dev", "stage", or "test", etc.)
$ah_options = array(
  'database_name' => 'mydatabasename',
  'session_store' => array(
    'prod' => 'memcache',
    'test' => 'memcache',
    'dev' => 'database',
  ),
);
Under the prior script, any new environments beyond prod, test, and dev would require manual config changes. The script now contains session storage logic that automatically scales to additional environments without manual configuration. This is particularly helpful for Acquia Cloud CD customers that frequently spin up new on-demand environments.
Symptoms to look out for
A SimpleSAMLphp site with the older configuration will not work on an environment that isn't explicitly specified in the config. The site will respond correctly for anonymous users. Authenticated users will encounter the following error in the browser:
The website encountered an unexpected error. Please try again later.
The corresponding drupal-watchdog.log entry reveals more information:
Sep 5 21:04:52 172.16.2.188 exampleapplication: https://exampleapplication.prod.acquia-sites.com|1536181492|php|207.173.24.186|https://exampleapplication.prod.acquia-sites.com/user/1/edit?pass-reset-token=LkwDM45klrukl4ZLlD1bLKyioM4GfBBjhjhBEpAjhDolldhOR8V7hFiW-1jWcMWQ||1||Notice: Undefined index: ode1 in acquia_session_store_config() (line 1033 of /mnt/www/html/exampleapplication/simplesamlphp/config/config.php) #0 /mnt/www/html/exampleapplication/docroot/core/includes/bootstrap.inc(582): _drupal_error_handler_real(8, 'Undefined index...', '/mnt/www/html/b...', 1033, Array)
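To confirm which environments are affected, the watchdog log can be scanned for the notice shown above. The following is an added example, not part of Acquia's script; the sample lines, host name and token are constructed, and the pattern assumes the message format of the entry above. It also masks the pass-reset-token value so a matching line can be shared in a ticket.

```python
import re
from collections import Counter

# Signature of the failure described above: the old config.php looks up an
# environment key that is not listed in $ah_options['session_store'].
MISSING_KEY = re.compile(
    r"Undefined index: (?P<env>[\w-]+) in acquia_session_store_config\(\)")
# One-time login token carried in the request URI field of the log entry.
RESET_TOKEN = re.compile(r"(pass-reset-token=)[^|&\s]+")

# Constructed sample lines modelled on the entry shown above.
SAMPLE_LOG = """\
Sep 5 21:04:52 172.16.2.188 exampleapplication: https://example.test|1536181492|php|203.0.113.7|https://example.test/user/1/edit?pass-reset-token=CONSTRUCTEDTOKEN||1||Notice: Undefined index: ode1 in acquia_session_store_config() (line 1033 of /mnt/www/html/exampleapplication/simplesamlphp/config/config.php)
Sep 5 21:05:10 172.16.2.188 exampleapplication: https://example.test|1536181510|php|203.0.113.8|https://example.test/saml_login||0||Notice: Undefined index: ode1 in acquia_session_store_config() (line 1033 of /mnt/www/html/exampleapplication/simplesamlphp/config/config.php)
Sep 5 21:06:00 172.16.2.188 exampleapplication: https://example.test|1536181560|php|203.0.113.9|https://example.test/node/1||0||Notice: Undefined index: title in example_preprocess() (line 12 of /mnt/www/html/exampleapplication/docroot/modules/example.module)
"""


def find_unlisted_environments(log_text):
    """Count watchdog entries per environment key missing from session_store."""
    hits = Counter()
    for line in log_text.splitlines():
        match = MISSING_KEY.search(line)
        if match:
            hits[match.group("env")] += 1
    return dict(hits)


def redact(line):
    """Mask one-time login tokens before a log line is shared."""
    return RESET_TOKEN.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    for env, count in find_unlisted_environments(SAMPLE_LOG).items():
        print(f"{env}: {count} entries; session_store has no '{env}' key")
    print(redact(SAMPLE_LOG.splitlines()[0]))
```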
Steps to resolution
If you implemented SimpleSAMLphp prior to June 2018 and use environments beyond dev, stage, and prod, we recommend updating config.php to use the new script. Doing so ensures that SimpleSAMLphp authentication continues to work on all current and future environments of your application.
An alternative solution is to manually add the additional environment and its storage type to the array after the dev line. For example, to add an environment named ode with database storage, one would add a line of the following form after the dev line, with newenv replaced by the environment name:
'newenv' => 'database',
Full example:
$ah_options = array(
  'database_name' => 'mydatabasename',
  'session_store' => array(
    'prod' => 'memcache',
    'test' => 'memcache',
    'dev' => 'database',
    'ode' => 'database',
  ),
);
Please note that the alternative solution must be repeated for every new environment.