Comments (5)
Does your user has ROLE_USER
after successful authentication on IdP? See: https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/0.3.x/src/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Controller/SingleSignOnController.php#L36
from singlesignonidentityproviderbundle.
Yes, it's getting past those checks and creting the $otp. One issue I had on my SP was that the HttpUtils::createRedirectResponse() was resetting my $path to "/". Which meant I was getting a cyclic redirect on my SP instead of it passing me to the IdP.
/**
* Creates a redirect Response.
*
* @param Request $request A Request instance
* @param string $path A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo))
* @param int $status The status code
*
* @return RedirectResponse A RedirectResponse instance
*/
public function createRedirectResponse(Request $request, $path, $status = 302)
{
if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
$path = '/';
}
return new RedirectResponse($this->generateUri($request, $path), $status);
}
So what I ended up doing was adding a check on my SP for the IdP url
if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) { if($host[0] !== 'https://idp.me') $path = '/'; }
That then started passing my SP to the IdP. So I've just done that on my IdP but checking for my SP and it's passing through!
Is there anyway around this without having to edit Symfony's core files?
from singlesignonidentityproviderbundle.
I'd suggest to remove trailing slashes everywhere from IdP and from SP in the SSO configuration and make sure that bundle does not use them. I think trailing slash came from our internal project and somehow appeared in the docs :)
So: define all SSO routes without trailing slash (ending slash)
Reconfigure SSO parameters on both sides using security parameters.
In the end your free to define whatever routes you want for the SSO.
from singlesignonidentityproviderbundle.
Ok I'll give that a go, thank you. Now that my SP and IdP are talking again I'm back to my previous issue where the otp/validate keeps on failing on the SP.
I've captured the url and when navigating to it through the browser it works (get the returned)
{"data":{"created_at":"Tue, 29 May 2018 14:15:52 +0100","hash":"Y205c1pWOXpkWEJsY2w5aFpHMXBiZz09OjE1Mjc2MDAwNTIuNDc2MjoxNDk4NzU1NWYwNzlhYmMxNzEwOThiYTBhZDkwMTZkOWVhY2RjMDFkMzJlZmYxYzNkZjI5YWQ1NDE5ZThmYzc3","password":"o6XhyFAswJ9Qry2EqOzC48yM2DOhXUrpCgTAsEKLxI7Crnfz5ftW7u/d5FjxkxJ/b9uCuuq33oVLib8ZO4OHQA==","is_used":false}}
But the OneTimePasswordProvider::fetch() where it checks the $response->getBody()->getContents() keeps on coming back as empty (just ""). Again is this just my config or something else with my IdP server handling the guzzle request?
from singlesignonidentityproviderbundle.
Hard to say... Maybe something wrong with installed versions of guzzle or something else? I'd suggest to take plain interface of the provider and implement on your own, at least just for testing purposes. There is a way to connect your own provider as a service id. Check the docs and bundle configuration definition
from singlesignonidentityproviderbundle.
Related Issues (17)
- No ServiceProvider managers found HOT 13
- Router class not loaded
- getOTPValidationUrl is not a method of serviceProviderInterface HOT 1
- Non-symfony application SP HOT 1
- Error implementing this HOT 10
- On Logout Success, serviceManager->clear() is not sufficient for clearing '_logout/processed' session variable
- OTP Failure HOT 4
- Update README.md
- Using alongside FOSUserBundle - No route found for "GET /login_check": Method Not Allowed (Allow: POST) HOT 6
- remove OTP instead of invalidate it HOT 2
- app.session.get('_security.main.target_path') value is error
- Change code coverage to 100% :)
- symfony 3.4 Too many redirections
- Why assume GET parameter in _target_path? HOT 8
- No route found for "GET /sso/login/" HOT 16
- The token storage contains no authentication token HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from singlesignonidentityproviderbundle.