IdP redirecting back to own home page after successful login about singlesignonidentityproviderbundle HOT 5 OPEN

Does your user has ROLE_USER after successful authentication on IdP? See: https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/0.3.x/src/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Controller/SingleSignOnController.php#L36

from singlesignonidentityproviderbundle.

Yes, it's getting past those checks and creting the $otp. One issue I had on my SP was that the HttpUtils::createRedirectResponse() was resetting my $path to "/". Which meant I was getting a cyclic redirect on my SP instead of it passing me to the IdP.

/**
 * Creates a redirect Response.
 *
 * @param Request $request A Request instance
 * @param string  $path    A path (an absolute path (/foo), an absolute URL (http://...), or a route name (foo))
 * @param int     $status  The status code
 *
 * @return RedirectResponse A RedirectResponse instance
 */
public function createRedirectResponse(Request $request, $path, $status = 302)
{
    if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) {
        $path = '/';
    }

    return new RedirectResponse($this->generateUri($request, $path), $status);
}

So what I ended up doing was adding a check on my SP for the IdP url

if (null !== $this->domainRegexp && preg_match('#^https?://[^/]++#i', $path, $host) && !preg_match(sprintf($this->domainRegexp, preg_quote($request->getHttpHost())), $host[0])) { if($host[0] !== 'https://idp.me') $path = '/'; }

That then started passing my SP to the IdP. So I've just done that on my IdP but checking for my SP and it's passing through!

Is there anyway around this without having to edit Symfony's core files?

from singlesignonidentityproviderbundle.

I'd suggest to remove trailing slashes everywhere from IdP and from SP in the SSO configuration and make sure that bundle does not use them. I think trailing slash came from our internal project and somehow appeared in the docs :)

So: define all SSO routes without trailing slash (ending slash)
Reconfigure SSO parameters on both sides using security parameters.

In the end your free to define whatever routes you want for the SSO.

from singlesignonidentityproviderbundle.

Ok I'll give that a go, thank you. Now that my SP and IdP are talking again I'm back to my previous issue where the otp/validate keeps on failing on the SP.

I've captured the url and when navigating to it through the browser it works (get the returned)

{"data":{"created_at":"Tue, 29 May 2018 14:15:52 +0100","hash":"Y205c1pWOXpkWEJsY2w5aFpHMXBiZz09OjE1Mjc2MDAwNTIuNDc2MjoxNDk4NzU1NWYwNzlhYmMxNzEwOThiYTBhZDkwMTZkOWVhY2RjMDFkMzJlZmYxYzNkZjI5YWQ1NDE5ZThmYzc3","password":"o6XhyFAswJ9Qry2EqOzC48yM2DOhXUrpCgTAsEKLxI7Crnfz5ftW7u/d5FjxkxJ/b9uCuuq33oVLib8ZO4OHQA==","is_used":false}}

But the OneTimePasswordProvider::fetch() where it checks the $response->getBody()->getContents() keeps on coming back as empty (just ""). Again is this just my config or something else with my IdP server handling the guzzle request?

from singlesignonidentityproviderbundle.

Hard to say... Maybe something wrong with installed versions of guzzle or something else? I'd suggest to take plain interface of the provider and implement on your own, at least just for testing purposes. There is a way to connect your own provider as a service id. Check the docs and bundle configuration definition

from singlesignonidentityproviderbundle.