Issue installing on Windows server

[callumlew]

Hi there,

I have been asked to install this plugin on a Moodle hosted on a windows based server, however this is causing some issues. If I try to attempt to regenerate Private key and certificate I get the following errors:

Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 82

Warning: openssl_x509_export(): cannot get cert from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 83

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 84

Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 82

Warning: openssl_x509_export(): cannot get cert from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 83

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\inetpub\wwwroot\moodle-development\auth\saml2\setup.php on line 84

The actual path for the certificate is displayed as Path: C:\inetpub\moodledata-development/saml2/website.co.uk.crt

Is this plugin supported for window servers?

Thanks

[brendanheywood]

Yes people are running this on windows. You may be missing some php libs, have you double checked the equivalent of this step on windows?:

https://github.com/catalyst/moodle-auth_saml2#installation

Or may also be something up with the permissions on the filedir for the cert files. Or possibly a slightly different syntax for the file path. I can't really support you that well one windows, but if you find a fix or a workaround please let me know

[wdci-dev]

Hi there,

I'm not sure if this is related. I tried to install the latest plugin on Moodle 3.6, and I got this error:

Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 75

Warning: openssl_x509_export(): cannot get cert from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 76

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 77

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 78

Warning: openssl_csr_sign(): cannot get CSR from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 75

Warning: openssl_x509_export(): cannot get cert from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 76

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 77

Warning: openssl_pkey_export(): cannot get key from parameter 1 in C:\Moodle36\server\moodle\auth\saml2\setuplib.php on line 78

Are you able to shed some light?

Thanks!

[brendanheywood]

SAML needs to openssl libraries to be installed and available, see:

http://php.net/manual/en/openssl.installation.php

[wdci-dev]

Hi @brendanheywood thanks for the reply. Yes, I can confirm that the openssl module is enabled in Moodle36\server\php\phhp.ini and the library is available in Moodle36\server\php\ext.

I have also setup the OPENSSL_CONF in windows environment variable that is pointing to Moodle36\server\apache\conf\openssl.cnf. But I'm still getting the error after restarting moodle. Do I need to generate a new certificate manually using openssl? Where should I place the cert and key file?

Thanks.

[brendanheywood]

The saml plugin normally auto creates files in the moodle site data dir like this:

[sitedata]/saml2/moodle.local.crt [sitedata]/saml2/moodle.local.pem [sitedata]/saml2/moodle.local.xml (the SP metadata)

moodle.local should match the domain of your moodle. I have never attempted to create these files manually here in the right shape, but if you succeed please document the steps here.

Alternatively, and probably easier, you could just debug why these php functions are failing. I have a vague feeling that there is something not escaped or handled correctly when joining some paths together to get a fully qualified path name on windows. The fix is probably quite trivial once found. But I'm sorry I can't personally help a great deal on the windows front.

If commercial support is an option for you then please contact us:

https://www.catalyst-au.net/content/contact-us

[wdci-dev]

Hi @brendanheywood thanks for the help. It seems that it is plugin compatibility issue. I installed it on moodle 3.5 and it seems to be working fine. I thought I could use it with moodle 3.6 :)

[brendanheywood]

So you are saying the openssl_csr_sign() issue happens on 3.6 and does not in 3.5 ?

That is odd, generally speaking most plugins are backward compatible with newer moodles. The supported versions metadata for the plugin may be out of date but I would still expect this to work.

[wdci-dev]

Yes, I find it weird too. I haven't tried on unix env though because I only have windows at the moment.

[zealotrahl]

My moodle version is 3.6.4, I run it on Windows (xampp), and I'm getting the same error

[brendanheywood]

I've dug into this and found that on some servers if the OPENSSL env var is set (eg the moodle bitnami image), there can be some specific config in here which breaks moodle. I haven't dug further into the exact config which breaks it but in this case simply not loading the config file at all worked fine.

So an interim workaround is to either unset that var, or create a second config file and point it at that. I'm thinking about adding another admin setting to override the env var but I'm not a huge fan of that approach.