Why assume GET parameter in _target_path? about singlesignonidentityproviderbundle HOT 8 CLOSED

Hi @chrisdejager,

That's because you have invalid format for _target_path value. In $request->get('_target_path') here https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/master/src/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Controller/SingleSignOnController.php#L49 should be value like this:

http://service1.com/otp/validate/?_target_path=http%3A%2F%2Fservice1.com%2F

OTP token will be appended to this url, and after OTP validation you will be redirected to second _target_path (to http://service1.com/)

By the way, you also need to implement your own AuthenticationSuccessHandler as described here http://stackoverflow.com/a/17001496/1563234 (In IdP only)

public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    // "main" firewall may be different 
    $redirectUrl = $this->session->get('_security.main.target_path', '/');

    // ServiceManager class (sso_identity_provider.service_manager service)
    $service =  $this->serviceManager->getSessionService();

    // Get your service manager for "consumer1" for example
    // $serviceManager is instance of https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/master/tests/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Tests/Application/ServiceProviders/ServiceProvider1.php for example
    $serviceManager = $this->serviceManager->getServiceManager($service)

    // Clear state
    $this->serviceManager->clear();

    $redirectUri = $this->router->generate('sso_login_path', [
        '_target_path' => $serviceManager->getUrlForOTPOfYourService1([ // You need to implement this method.
            '_target_path' => $redirectUrl,
        ]),
    ], Router::ABSOLUTE_URL);

    // Sign url. (sso_identity_provider.uri_signer service)
    $redirectUri = $this->uriSigner->sign($redirectUri);
    return new RedirectResponse($redirectUri);
}

from singlesignonidentityproviderbundle.

You're right, if I include a final target url then it works.

Nevertheless.... targetUrl is optional in your code:
https://github.com/korotovsky/SingleSignOnServiceProviderBundle/blob/master/src/Krtv/Bundle/SingleSignOnServiceProviderBundle/EntryPoint/SingleSignOnAuthenticationEntryPoint.php#L81

That got me confused I think. :)
My service provider application is not a Symfony2 application (implementing SSO for existing services), so I simplified the requests / redirects to the IDP.

from singlesignonidentityproviderbundle.

I do not need onAuthenticationSuccess because I use fr3d_ldap and fos_rest.

The only weird thing happening is that the redirect url after authenticating still has the _hash value, but then as the first GET parameter instead of being the last. Uri signing fails then (bad request messagE).

But I am authenticated with the IDP then, so when I do the roundtrip again I get redirected correctly. The form login somehow rewrites the url :/

from singlesignonidentityproviderbundle.

as the first GET parameter instead of being the last.

It's a bug: symfony/symfony#11746

Nevertheless.... targetUrl is optional in your code

It's original behavior of FMSingleSignOnBundle ;)

from singlesignonidentityproviderbundle.

Thanx for your answers!

from singlesignonidentityproviderbundle.

@chrisdejager Please, tell me when you get it work, so I would be able to improve docs or fix new bugs.

from singlesignonidentityproviderbundle.

@korotovsky created a pull request.

from singlesignonidentityproviderbundle.

@chrisdejager,

as the first GET parameter instead of being the last.

It's a bug: symfony/symfony#11746

Fixed in symfony/symfony#12574

from singlesignonidentityproviderbundle.