This repository has been archived by the owner on May 20, 2022. It is now read-only.

SAML broken with alpine 3.8 #309

Closed
LordVeovis opened this issue Sep 17, 2018 · 5 comments

@LordVeovis
Contributor

The recent bump to alpine 3.8 (#305) for mattermost/mattermost-prod-app raises an error with xmlsec that is not resolved yet (stack trace below).
This affects version 5.3.0 and the latest 5.2.x, only for users trying to authenticate through SAML.

The related bug on the alpine bugtracker: https://bugs.alpinelinux.org/issues/9110

The logged error when a user does a SAML login (I applied some changes for readability):

```
app_1  | 2018-09-17T09:11:03.402398946Z {
   "level":"error",
   "ts":1537175463.4021852,
   "caller":"web/context.go:60",
   "msg":"An error occurred while validating the response from the Identity Provider. Please contact your System Administrator.",
   "path":"/login/sso/saml",
   "request_id":"7bzwuebscjbu8rc3ywpxf6sqce",
   "ip_addr":"a",
   "user_id":"",
   "method":"POST",
   "err_where":"SamlInterfaceImpl.DoLogin",
   "http_code":302,
   "err_details":"err=failed to verify signature: error invoking xmlsec1: func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=130:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name=\"libxmlsec1-openssl\"; errno=2
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=436:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=393:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: 
Error: unable to load xmlsec-openssl library. Make sure that you have
this it installed, check shared libraries path (LD_LIBRARY_PATH)
envornment variable or use \"--crypto\" option to specify different
crypto engine.
Error: initialization failed
func=xmlSecCryptoShutdown:file=app.c:line=65:obj=unknown:subj=unknown:error=9:feature is not implemented:details=cryptoShutdown
Error: xmlSecCryptoShutdown failed
Error: xmlsec crypto shutdown failed.
Usage: xmlsec <command> [<options>] [<files>]

xmlsec is a command line tool for signing, verifying, encrypting and
decrypting XML documents. The allowed <command> values are:
  --help      	display this help information and exit
  --help-all  	display help information for all commands/options and exit
  --help-<cmd>	display help information for command <cmd> and exit
  --version   	print version information and exit
  --keys      	keys XML file manipulation
  --sign      	sign data and output XML document
  --verify    	verify signed document
  --sign-tmpl 	create and sign dynamicaly generated signature template
  --encrypt   	encrypt data and output XML document
  --decrypt   	decrypt data from XML document


Report bugs to http://www.aleksey.com/xmlsec/bugs.html

Written by Aleksey Sanin <aleksey@aleksey.com>.

Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved..
This is free software: see the source for copying information.

: exit status 1"
}
```
@LordVeovis changed the title from "OAuth broken with alpine 3.8" to "SAML broken with alpine 3.8" on Sep 17, 2018

@LordVeovis
Contributor Author

I confirm that rebuilding mattermost/mattermost-prod-app:5.3.0 with alpine:3.7 resolves the issue.

@pichouk
Contributor

pichouk commented Sep 20, 2018

Hi,

Thanks for the report, it seems that there is an issue with xmlsec-openssl:
Error: unable to load xmlsec-openssl library.

It looks like it is an Alpine Linux issue. Don't know if it will be fixed or if we should roll back.

@cpanato
Contributor

cpanato commented Nov 3, 2018

I moved to k8s and we use SAML, and when using alpine:3.8 the SAML integration is broken.
I will open a PR so that we downgrade to 3.7.

And will monitor the new release for alpine or if they somehow release the xmlsec

@pichouk
Contributor

pichouk commented Nov 3, 2018

I forgot this issue, sorry... Thanks @cpanato for your PR :)

@cpanato
Contributor

cpanato commented Nov 3, 2018

thanks. closing
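
An added example, not part of the thread and not Mattermost's own code: a small Go triage helper that reads an `err_details` string like the one logged in this issue and separates "xmlsec1 could not load its crypto backend" (an image or packaging fault) from other xmlsec1 failures, which the user-facing message does not distinguish. The function names, the category labels and the second sample are assumptions made up for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// frame is one xmlsec trace entry (func=...:file=...:line=...:obj=...:subj=...).
type frame struct{ Func, File, Subj string }

var frameRe = regexp.MustCompile(
	`func=([^:\s]+):file=([^:\s]+):line=\d+:obj=[^:]*:subj=([^:\s]+):error=\d+`)

// pageSample: the three dl.c frames from the log in this issue (JSON escapes removed).
const pageSample = `err=failed to verify signature: error invoking xmlsec1: func=xmlSecCryptoDLLibraryCreate:file=dl.c:line=130:obj=unknown:subj=lt_dlopenext:error=7:io function failed:name="libxmlsec1-openssl"; errno=2
func=xmlSecCryptoDLGetLibraryFunctions:file=dl.c:line=436:obj=unknown:subj=xmlSecCryptoDLLibraryCreate:error=1:xmlsec library function failed:crypto=openssl
func=xmlSecCryptoDLLoadLibrary:file=dl.c:line=393:obj=unknown:subj=xmlSecCryptoDLGetLibraryFunctions:error=1:xmlsec library function failed: `

// constructedSample: made up for this example, shaped like a rejected signature.
const constructedSample = `err=failed to verify signature: error invoking xmlsec1: func=xmlSecOpenSSLEvpSignatureVerify:file=signatures.c:line=1:obj=rsa-sha256:subj=EVP_VerifyFinal:error=18:data do not match:signature do not match`

// parseFrames extracts every xmlsec trace entry found in an err_details string.
func parseFrames(details string) []frame {
	var out []frame
	for _, m := range frameRe.FindAllStringSubmatch(details, -1) {
		out = append(out, frame{m[1], m[2], m[3]})
	}
	return out
}

// classify returns "backend-load" when a dynamic-loader frame (dl.c,
// xmlSecCryptoDL*) is present, "xmlsec-other" for any other xmlsec1
// invocation failure, and "unknown" when the text is not an xmlsec1 error.
func classify(details string) string {
	for _, f := range parseFrames(details) {
		if f.File == "dl.c" && strings.HasPrefix(f.Func, "xmlSecCryptoDL") {
			return "backend-load"
		}
	}
	if strings.Contains(details, "error invoking xmlsec1") {
		return "xmlsec-other"
	}
	return "unknown"
}

func main() {
	fmt.Println(classify(pageSample), classify(constructedSample))
}
```

A "backend-load" result points at the container image rather than at the Identity Provider's response, which is the situation the thread resolves by rebuilding on alpine:3.7.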
