Pass SSP proxy-settings to Guzzle

[tvdijen]

I have to use the company proxy to connect outside our network, but this module currently doesn't pass SSP's proxy-settings to the HTTP-client.

Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] SimpleSAML\Error\AuthSource: Error with authentication source 'microsoft': Error on oauth2 linkback endpoint.
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] Backtrace:
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 4 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/OAuth2ResponseHandler.php:106 (SimpleSAML\Module\authoauth2\OAuth2ResponseHandler::handleResponseFromRequest)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 3 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/OAuth2ResponseHandler.php:59 (SimpleSAML\Module\authoauth2\OAuth2ResponseHandler::handleResponse)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 2 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/public/linkback.php:4 (require)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 1 /var/opt/simplesamlphp/simplesamlphp-2.2.1/src/SimpleSAML/Module.php:302 (SimpleSAML\Module::process)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 0 /var/opt/simplesamlphp/simplesamlphp-2.2.1/public/module.php:17 (N/A)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] Caused by: GuzzleHttp\Exception\ConnectException: cURL error 7: Failed to connect to login.microsoftonline.com port 443: Connection timed out (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://login.microsoftonline.com/myTenant.onmicrosoft.com/oauth2/v2.0/token
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] Backtrace:
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 23 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:210 (GuzzleHttp\Handler\CurlFactory::createRejection)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 22 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:158 (GuzzleHttp\Handler\CurlFactory::finishError)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 21 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Handler/CurlFactory.php:110 (GuzzleHttp\Handler\CurlFactory::finish)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 20 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Handler/CurlHandler.php:47 (GuzzleHttp\Handler\CurlHandler::__invoke)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 19 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/PrepareBodyMiddleware.php:64 (GuzzleHttp\PrepareBodyMiddleware::__invoke)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 18 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Middleware.php:31 (GuzzleHttp\Middleware::GuzzleHttp{closure})
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 17 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/RedirectMiddleware.php:71 (GuzzleHttp\RedirectMiddleware::__invoke)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 16 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Middleware.php:66 (GuzzleHttp\Middleware::GuzzleHttp{closure})
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 15 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/HandlerStack.php:75 (GuzzleHttp\HandlerStack::__invoke)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 14 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Client.php:333 (GuzzleHttp\Client::transfer)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 13 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Client.php:106 (GuzzleHttp\Client::sendAsync)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 12 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/guzzlehttp/guzzle/src/Client.php:124 (GuzzleHttp\Client::send)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 11 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:706 (League\OAuth2\Client\Provider\AbstractProvider::getResponse)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 10 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:719 (League\OAuth2\Client\Provider\AbstractProvider::getParsedResponse)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 9 /var/opt/simplesamlphp/simplesamlphp-2.2.1/vendor/league/oauth2-client/src/Provider/AbstractProvider.php:635 (League\OAuth2\Client\Provider\AbstractProvider::getAccessToken)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 8 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/Auth/Source/OAuth2.php:214 (SimpleSAML\Module\authoauth2\Auth\Source\OAuth2::SimpleSAML\Module\authoauth2\Auth\Source{closure})
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 7 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/Auth/Source/OAuth2.php:310 (SimpleSAML\Module\authoauth2\Auth\Source\OAuth2::retry)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 6 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/Auth/Source/OAuth2.php:317 (SimpleSAML\Module\authoauth2\Auth\Source\OAuth2::retry)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 5 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/Auth/Source/OAuth2.php:212 (SimpleSAML\Module\authoauth2\Auth\Source\OAuth2::finalStep)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 4 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/OAuth2ResponseHandler.php:94 (SimpleSAML\Module\authoauth2\OAuth2ResponseHandler::handleResponseFromRequest)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 3 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/src/OAuth2ResponseHandler.php:59 (SimpleSAML\Module\authoauth2\OAuth2ResponseHandler::handleResponse)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 2 /var/opt/simplesamlphp/simplesamlphp-2.2.1/modules/authoauth2/public/linkback.php:4 (require)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 1 /var/opt/simplesamlphp/simplesamlphp-2.2.1/src/SimpleSAML/Module.php:302 (SimpleSAML\Module::process)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] 0 /var/opt/simplesamlphp/simplesamlphp-2.2.1/public/module.php:17 (N/A)
Apr 24 11:25:43 sv2210942 IDP-BZK[4013329]: 3 [5fd8bc029e] Error report with id df04cf97 generated.

[pradtke]

Adding the workaround @tvdijen shared with me

      'authName' => array(
              'authoauth2:OAuth2',
              // *** Required for all integrations ***
              'urlAuthorize' => 'https://www.example.com/oauth2/authorize',
              'urlAccessToken' => 'https://www.example.com/oauth2/token',
              'urlResourceOwnerDetails' => 'https://api.example.com/userinfo',
              // other settings
              'proxy' => [
                  'http' => 'http://myproxy:8080/',
                  'https' => 'http://myproxy:8080/',
              ],
      )

and the preferred solution would be, if the proxy setting is not defined in authsource, use the settings from config.php. Those settings may differ from the way Guzzle expects them. e.g. in config.php the proxy setting may equal 'tcp://proxy.example.com:5100' , while Guzzle wants the scheme to be http. proxy authentication is handled by guzzle as part of the url, while in config.php it is a separate setting.