korotovsky / singlesignonidentityproviderbundle
Single Sign On bundle for Symfony2 projects. IdP part.
License: MIT License
I followed the documentation here and I got this error:
No ServiceProvider managers found. Make sure that you have at least one ServiceProvider manager tagged with "sso.service_provider".
Please help @korotovsky
I've managed to nearly get this working but when I'm logging into the IdP I'm getting the error
No route found for "GET /login_check": Method Not Allowed (Allow: POST)
This is my security config and I'm not sure where to go next as there seems to be some kind of conflict. Is there any way to get this working with the fos_userbundle?
```yaml
security:
    providers:
        fos_userbundle:
            id: fos_user.user_provider.username_email
    encoders:
        FOS\UserBundle\Model\UserInterface: bcrypt
    firewalls:
        main:
            pattern: ^/
            form_login:
                provider: fos_userbundle
                csrf_token_generator: security.csrf.token_manager
                login_path: /
                success_handler: user_listener
                use_referer: true
            logout:
                success_handler: logout_listener
            anonymous: true
```
I config the message as below
Step 1
```
// composer.json
"korotovsky/sso-idp-bundle": "0.3.3",
```
Step 2 and Step 3 have the same configuration as you
Step 4
```yaml
# app/config/config.yml:
krtv_single_sign_on_identity_provider:
    host: 127.0.0.1:8000
    host_scheme: http
    login_path: /sso/login/
    logout_path: /sso/logout
    services:
        - consumer1
        - consumer2
    otp_parameter: _otp
    secret_parameter: secret
```
Step 5 and Step 6, the configuration is the same as you
Step 7 and Step 8, I did not configure.
Step 9, the configuration is the same as you
After these,
I run php .\bin\console server:run
the app.session.get('_security.main.target_path') value is http://127.0.0.1:8000/sso/login/?_failure_path=http://127.0.0.1:8000/login?_target_path=http://127.0.0.1:8000/login?_hash=F4JfXdZLdfB6BkFxSudy41%2FmCShicEHy3eCJElcumiE=&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=XuM9xZHRqQStsLJxdoK2BcOvEu3rcsGOx15IEtlBaVo=&_target_path=http://127.0.0.1:8000:login?_hash=F4JfXdZLdfB6BkFxSudy41%252FmCShicEHy3eCJElcumiE%253D&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=K%2BWuaNaDT8dgCfdG0b2ZZ9Ljb4ignUDR1D1jIRxAghQ=&_target_path=http://127.0.0.1:8000%2Fotp%2Fvalidate%2F?_hash=XuM9xZHRqQStsLJxdoK2BcOvEu3rcsGOx15IEtlBaVo%253D%26_target_path=http%253A%252F%252F127.0.0.1%253A8000%252Flogin%253F_hash%253DF4JfXdZLdfB6BkFxSudy41%25252FmCShicEHy3eCJElcumiE%25253D&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=Vw9u1RFWc4QgMaj5y5pOzUt8rs%2BDyNuYuGukj9y1eSo=&_target_path=http://127.0.0.1:8000%2Fotp%2Fvalidate%2F?
The README documentation suggests writing a `LogoutSuccessHandler::onLogoutSuccess()` method and calling this line:
`$this->serviceManager->clear();`
It is not sufficient for clearing the '_logout/processed' session variable.
I have added the line:
`$request->getSession()->remove(LogoutManager::SERVICE_SESSION_NS);`
Without this clearing, if the user wants to log in on Consumer1 again and log out again, he will not be logged out on Consumer2.
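The failure mode reported above, as an added example that is not part of the original post and not the bundle's code: a simplified Python model of an IdP-driven logout chain. It assumes the IdP keeps the list of already-processed services under the `_logout/processed` session key and that this session survives between login cycles; the function names and session layout are hypothetical.

```python
# Simplified model (assumption): the IdP walks its configured services on
# logout and records each one it has handled under a session key. If that
# key outlives the logout run, the next run skips every service.
PROCESSED_KEY = "_logout/processed"  # session variable named in the post


def single_logout(idp_session, sp_sessions, services, initiator, clear_processed):
    """Run one logout chain; return the services still holding a session."""
    # The service provider that started the logout ends its own session.
    sp_sessions.discard(initiator)

    processed = idp_session.setdefault(PROCESSED_KEY, set())
    for service in services:
        if service in processed:
            # Treated as "already logged out", even if the marker is stale.
            continue
        sp_sessions.discard(service)
        processed.add(service)

    if clear_processed:
        # The extra cleanup the post adds to the success handler.
        idp_session.pop(PROCESSED_KEY, None)
    return sorted(sp_sessions)


def run_two_cycles(clear_processed):
    """Log in on both consumers and log out from consumer1, twice."""
    services = ["consumer1", "consumer2"]
    idp_session = {}  # constructed sample state, persists across cycles
    leftovers = []
    for _ in range(2):
        sp_sessions = set(services)  # user is logged in everywhere
        leftovers.append(
            single_logout(idp_session, sp_sessions, services,
                          "consumer1", clear_processed)
        )
    return leftovers


if __name__ == "__main__":
    print("stale marker kept:", run_two_cycles(clear_processed=False))
    print("marker cleared:   ", run_two_cycles(clear_processed=True))
```

A session left alive on one consumer after the user believes they have logged out is the security-relevant outcome, so a regression test for single logout should cover at least two consecutive login/logout cycles.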
Results in 404 after redirect to the service provider because "?" is missing. Is this intended behavior?
Hi @korotovsky, Please can you help me explain why I'm getting this error.
getOTPValidationUrl is not a method in a class that extends Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\ServiceProviderInterface
Can I also use this bundle even if the SP is a non-symfony application? For example, a Wordpress site. Thanks!
I am getting the error below when I try to implement this bundle:
The service "krtv_single_sign_on_identity_provider.uri_signer" has a dependency on a non-existent parameter "uri_signer.class".
I believe the error comes from this line
```xml
<service id="krtv_single_sign_on_identity_provider.uri_signer" class="%uri_signer.class%">
    <argument/> <!-- secret -->
</service>
```
uri_signer.class is not defined in the parameters here
```xml
<parameters>
    <parameter key="krtv_single_sign_on_identity_provider.security.firewall_id">main</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.security.authentication.otp_manager.orm.class">Krtv\SingleSignOn\Manager\ORM\OneTimePasswordManager</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.encoder.otp.class">Krtv\SingleSignOn\Encoder\OneTimePasswordEncoder</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.routing.loader.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Routing\SsoRoutesLoader</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.entity.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Entity\OneTimePassword</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.manager.service_manager.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\ServiceManager</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.manager.logout_manager.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\LogoutManager</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.event_listner.service_subscriber.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\EventListener\TargetPathSubscriber</parameter>
    <parameter key="krtv_single_sign_on_identity_provider.security.http_utils.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Security\Http\HttpUtils</parameter>
</parameters>
```
I feel like I'm 90%-95% there with this bundle, which is great btw. But what's happening at the moment is that I'm hitting the SP and it's redirecting me to the IdP login page (check). I enter the correct credentials and check that the target path is right (check). It passes the login_check and goes to the /sso/login/ (check) but then redirects back to the IdP login page instead of taking me back to the SP to validate the OP and the target path then becomes the plain URL of the SP...
I guess it's something to do with my conf, but not sure where to start to debug what's going on!
@korotovsky I got the following error.
LogoutSuccessHandler::__construct() must be an instance of Symfony\Component\Routing\Router, instance of Symfony\Cmf\Component\Routing\ChainRouter given
I wonder if you could tell me why I would get this error?
No route found for "GET /sso/login/"
As far as I can tell I have configured the identity provider as instructed.
Any help is much appreciated.
Thanks
Hello again. Sorry about being a pain. I am having troubles with this again.
What I have done is create two symfony demo projects. One as idp and the other as sp.
At the moment I have the SP configured as consumer1.com and when I go to that url I am directed to the IDP login page (idp.example.com). I am using the default sqlite db with the demo data defaults with the two user entries (one admin and one user). Along with the load fixtures data for blog entries.
When I login as the admin at the IDP I get the following exception in my log file
https://gist.github.com/timothyjeffcoat/152411549e448178595e98075d78f24e
I know the log says "One possible reason may be that there is no firewall configured for this URL" but I am not sure what to do about that.
My IDP security.yml is https://gist.github.com/timothyjeffcoat/5fceffbdd30ee6f0bf6f177899841aad
If you could point me in a direction of what I have done wrong that will be much appreciated.
Thanks
Hello, I still do have an OTP failure though I have the same secret on IDP and SP. Process:
sp redirects to idp/login?_otp_failure=1&_otp_failure_time=1501579809.9692&_hash=fueAmfqYDQnqYV0PU%2F7onZL6jga07u2YCbAOarRIbJE%3D
(logged, session registered)
OTP validation REST request seems to be ok as in the database I can see the password + the USED status.
Do you have an idea of what would go wrong here?
Thanks.
The OTP increases too fast, can I remove OTPs at src/AcmeBundle/Controller/OtpController.php $otpManager->invalidate($otp) ?
Hi,
In version 3.4, when the user enters IDP authentication, the connection is constantly redirecting. The same problem is found in SP,
[Fri Dec 4 11:36:10 2020] 127.0.0.1:51079 [301]: /sso/login?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec 4 11:36:11 2020] 127.0.0.1:51083 [301]: /sso/login/?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec 4 11:36:11 2020] 127.0.0.1:51085 [301]: /sso/login?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec 4 11:36:12 2020] 127.0.0.1:51087 [301]: /sso/login/?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D