korotovsky / singlesignonidentityproviderbundle Goto Github PK

I followed the documentation here and i got this error;

No ServiceProvider managers found. Make sure that you have at least one ServiceProvider manager tagged with "sso.service_provider". Please help @korotovsky

I've managed to nearly get this working but when I'm logging into the IdP I'm getting the error

No route found for "GET /login_check": Method Not Allowed (Allow: POST)

This is my security config and I'm not sure where to go next as there seems to be some kind of conflict. Is there any way to get this working with the fos_userbundle?

`security:
providers:
fos_userbundle:
id: fos_user.user_provider.username_email

encoders:
    FOS\UserBundle\Model\UserInterface: bcrypt

firewalls:
    main:
        pattern: ^/
        form_login:
            provider: fos_userbundle
            csrf_token_generator: security.csrf.token_manager
            login_path: /
            success_handler: user_listener
            use_referer: true
        logout:
            success_handler: logout_listener
        anonymous:    true`

I config the message as below
Step 1

//composer.json
"korotovsky/sso-idp-bundle": "0.3.3",

Step 2 and Step 3 have the same configuration as you
Step 4

# app/config/config.yml:
krtv_single_sign_on_identity_provider:
    host:             127.0.0.1:8000
    host_scheme:      http

    login_path:       /sso/login/
    logout_path:      /sso/logout

    services:
        - consumer1
        - consumer2

    otp_parameter:    _otp
    secret_parameter: secret

Step 5 and Step 6 ，the configuration is the same as you
Step 7 and Step 8 ，I‘m not config.
Step 9 ，the configuration is the same as you
After these,
I run php .\bin\console server:run
the app.session.get('_security.main.target_path') value is http://127.0.0.1:8000/sso/login/?_failure_path=http://127.0.0.1:8000/login?_target_path=http://127.0.0.1:8000/login?_hash=F4JfXdZLdfB6BkFxSudy41%2FmCShicEHy3eCJElcumiE=&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=XuM9xZHRqQStsLJxdoK2BcOvEu3rcsGOx15IEtlBaVo=&_target_path=http://127.0.0.1:8000:login?_hash=F4JfXdZLdfB6BkFxSudy41%252FmCShicEHy3eCJElcumiE%253D&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=K%2BWuaNaDT8dgCfdG0b2ZZ9Ljb4ignUDR1D1jIRxAghQ=&_target_path=http://127.0.0.1:8000%2Fotp%2Fvalidate%2F?_hash=XuM9xZHRqQStsLJxdoK2BcOvEu3rcsGOx15IEtlBaVo%253D%26_target_path=http%253A%252F%252F127.0.0.1%253A8000%252Flogin%253F_hash%253DF4JfXdZLdfB6BkFxSudy41%25252FmCShicEHy3eCJElcumiE%25253D&login_required=1&_target_path=http://127.0.0.1:8000/otp/validate/?_hash=Vw9u1RFWc4QgMaj5y5pOzUt8rs%2BDyNuYuGukj9y1eSo=&_target_path=http://127.0.0.1:8000%2Fotp%2Fvalidate%2F?

The README documentation suggests to write a LogoutSuccessHandler::onLogoutSuccess() method, and call this line :
$this->serviceManager->clear();

It is not sufficient for clearing the '_logout/processed' session variable.
I have added the line :
$request->getSession()->remove(LogoutManager::SERVICE_SESSION_NS);

Without this clearing, if the user wants to login on Consumer1 again and logout again, he will not be logged-out on Consumer2.

https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/master/src/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Controller/SingleSignOnController.php#L49

Results in 404 after redirect to the service provider because "?" is missing. Is this intended behavior?

Hi @korotovsky, Please can you help me explain why I'm getting this error.

getOTPValidationUrl is not a method in a class that extends Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\ServiceProviderInterface

Can I also use this bundle even if the SP is a non-symfony application? For example, a Wordpress site. Thanks!

I am getting the error below when I try to implement this bundle:

The service "krtv_single_sign_on_identity_provider.uri_signer" has a dependency on a non-existent parameter "uri_signer.class".

I believe the error comes from this line

<service id="krtv_single_sign_on_identity_provider.uri_signer" class="%uri_signer.class%"> <argument/> <!-- secret --> </service>

uli_signer.class is not defined in the parameters here

<parameters>
        <parameter key="krtv_single_sign_on_identity_provider.security.firewall_id">main</parameter>
        <parameter key="krtv_single_sign_on_identity_provider.security.authentication.otp_manager.orm.class">Krtv\SingleSignOn\Manager\ORM\OneTimePasswordManager</parameter>
        <parameter key="krtv_single_sign_on_identity_provider.encoder.otp.class">Krtv\SingleSignOn\Encoder\OneTimePasswordEncoder</parameter>

        <parameter key="krtv_single_sign_on_identity_provider.routing.loader.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Routing\SsoRoutesLoader</parameter>
        <parameter key="krtv_single_sign_on_identity_provider.entity.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Entity\OneTimePassword</parameter>

        <parameter key="krtv_single_sign_on_identity_provider.manager.service_manager.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\ServiceManager</parameter>
        <parameter key="krtv_single_sign_on_identity_provider.manager.logout_manager.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Manager\LogoutManager</parameter>

        <parameter key="krtv_single_sign_on_identity_provider.event_listner.service_subscriber.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\EventListener\TargetPathSubscriber</parameter>
        <parameter key="krtv_single_sign_on_identity_provider.security.http_utils.class">Krtv\Bundle\SingleSignOnIdentityProviderBundle\Security\Http\HttpUtils</parameter>
    </parameters>

I feel like I'm 90%-95% there with this bundle, which is great btw. But What's happening at the moment is that I'm hitting the SP and it's redirecting me to the IdP login page (check). I enter the correct credentials and check that the target path is right (check). It passes the login_check and goes to the /sso/login/ (check) but then redirects back to the IdP login page instead of taking me back to the SP to validate the OP and the target path then becomes the plain URL of the SP...

I guess it's something to do with my conf, but not sure where to start to debug whats going on!

@korotovsky I got the following error.

LogoutSuccessHandler::__construct() must be an instance of Symfony\Component\Routing\Router, instance of Symfony\Cmf\Component\Routing\ChainRouter given

I wonder if you could tell me why I would get this error?

No route found for "GET /sso/login/"

As far as I can tell I have configured the identity provider as instructed.

Any help is much appreciated.

Thanks

Hello again. Sorry about being a pain. I am having troubles with this again.

What I have done is create two symfony demo projects. One as idp and the other as sp.

At the moment I have the SP configured as consumer1.com and when I go to that url I am directed to the IDP login page (idp.example.com). I am using the default sqlite db with the demo data defaults with the two user entries (one admin and one user). Along with the load fixtures data for blog entries.j

When I login as the admin at the IDP I get the following exception in my log file

https://gist.github.com/timothyjeffcoat/152411549e448178595e98075d78f24e

I know the log says "One possible reason may be that there is no firewall configured for this URL" but I am not sure what to do about that.

My IDP security.yml is https://gist.github.com/timothyjeffcoat/5fceffbdd30ee6f0bf6f177899841aad

if you could point me in a direction of what I have done wrong that will be much appreciated.

Thanks

Hello, I still do have an OTP failure though I have the same secret on IDP and SP. Process :

sp redirects to idp/login?_otp_failure=1&_otp_failure_time=1501579809.9692&_hash=fueAmfqYDQnqYV0PU%2F7onZL6jga07u2YCbAOarRIbJE%3D

(logged, session registred)

OTP validation REST request seems to be ok as into the database I can see the password + the USED status.

Do you have an idea of what would go wrong here ?

Thanks.

The OTP increases too fast, can I remove OTPs at src/AcmeBundle/Controller/OtpController.php $otpManager->invalidate($otp) ?

Hi,
In version 3.4, when the user enters IDP authentication, the connection is constantly redirecting. The same problem is found in SP,

[Fri Dec  4 11:36:10 2020] 127.0.0.1:51079 [301]: /sso/login?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec  4 11:36:11 2020] 127.0.0.1:51083 [301]: /sso/login/?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec  4 11:36:11 2020] 127.0.0.1:51085 [301]: /sso/login?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D
[Fri Dec  4 11:36:12 2020] 127.0.0.1:51087 [301]: /sso/login/?_failure_path=http%3A%2F%2F127.0.0.1%3A8000%2Flogin%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&_target_path=http%3A%2F%2F127.0.0.1%3A8001%2Fotp%2Fvalidate%2F%3F_target_path%3Dhttp%253A%252F%252F127.0.0.1%253A8001%252F%253F_hash%253DKPWaBPcQIYxu5wVvtjrW0Ns6TdukNuT66wYgObAZp1w%25253D&service=consumer1&_hash=fibxWOKNgpkke2WHWg%2BsRCmY5ap30ex2shSq99nu03E%3D