Our indico server displays an “Internal Server Error” when saml is enabled. It seems related to the xmlsec library.
$ cat /etc/redhat-release
AlmaLinux release 9.4 (Seafoam Ocelot)
$ python -V
Python 3.12.5
$ pip freeze | grep indico
indico==3.3.3
indico-fonts==1.2
indico-plugin-citadel==3.3
indico-plugin-cloud-captchas==3.3
indico-plugin-livesync==3.3
indico-plugin-owncloud==3.3
indico-plugin-payment-manual==3.3
indico-plugin-payment-paypal==3.3
indico-plugin-payment-sixpay==3.3
indico-plugin-piwik==3.3
indico-plugin-previewer-code==3.3
indico-plugin-previewer-jupyter==3.3
indico-plugin-prometheus==3.3
indico-plugin-storage-s3==3.3
indico-plugin-ursh==3.3
indico-plugin-vc-zoom==3.3
indico-plugins==3.3
In Authentication — Indico 3.3.3 documentation indicates that it is necessary to install the xmlsec1-devel package for RPM-based systems.
However, without the package installed it is possible to run pip install python3-saml without error.
$ pip install python3-saml
Requirement already satisfied: python3-saml in ./.venv/lib/python3.12/site-packages (1.16.0)
Requirement already satisfied: lxml!=4.7.0,>=4.6.5 in ./.venv/lib/python3.12/site-packages (from python3-saml) (5.2.1)
Requirement already satisfied: isodate>=0.6.1 in ./.venv/lib/python3.12/site-packages (from python3-saml) (0.6.1)
Requirement already satisfied: xmlsec>=1.3.9 in ./.venv/lib/python3.12/site-packages (from python3-saml) (1.3.14)
Requirement already satisfied: six in ./.venv/lib/python3.12/site-packages (from isodate>=0.6.1->python3-saml) (1.16.0)
Even after install xmlsec1-devel, the error remains
dnf install xmlsec1-devel
(xmlsec1-devel-1.2.29-9.el9.x86_64.rpm)
Error message:
Traceback (most recent call last):
File "/opt/indico/web/indico.wsgi", line 9, in <module>
application = make_app()
^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/indico/web/flask/app.py", line 420, in make_app
multipass.init_app(app)
File "/opt/indico/.venv/lib/python3.12/site-packages/indico/core/auth.py", line 80, in init_app
super().init_app(app)
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/core.py", line 73, in init_app
state.auth_providers = ImmutableDict(self._create_providers('AUTH', AuthProvider))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/core.py", line 461, in _create_providers
cls = resolve_provider_type(base, settings.pop('type'), registry)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/util.py", line 158, in resolve_provider_type
cls = entry_point.load()
^^^^^^^^^^^^^^^^^^
File "/opt/indico/.venv/lib/python3.12/site-packages/importlib_metadata/__init__.py", line 184, in load
module = import_module(match.group('module'))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/indico/.pyenv/versions/3.12.5/lib/python3.12/importlib/__init__.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "<frozen importlib._bootstrap>", line 1387, in _gcd_import
File "<frozen importlib._bootstrap>", line 1360, in _find_and_load
File "<frozen importlib._bootstrap>", line 1331, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 935, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 995, in exec_module
File "<frozen importlib._bootstrap>", line 488, in _call_with_frames_removed
File "/opt/indico/.venv/lib/python3.12/site-packages/flask_multipass/providers/saml.py", line 10, in <module>
from onelogin.saml2.auth import OneLogin_Saml2_Auth
File "/opt/indico/.venv/lib/python3.12/site-packages/onelogin/saml2/auth.py", line 12, in <module>
import xmlsec
xmlsec.InternalError: (-1, 'lxml & xmlsec libxml2 library version mismatch')
unable to load app 0 (mountpoint='') (callable not found or import error)
Is there any way to resolve this?
Thanks in advance