Comments (8)
Hi @chrisdejager,

That's because you have an invalid format for the `_target_path` value. In `$request->get('_target_path')` here https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/master/src/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Controller/SingleSignOnController.php#L49 there should be a value like this:

http://service1.com/otp/validate/?_target_path=http%3A%2F%2Fservice1.com%2F

The OTP token will be appended to this URL, and after OTP validation you will be redirected to the second `_target_path` (to http://service1.com/).

By the way, you also need to implement your own AuthenticationSuccessHandler as described here http://stackoverflow.com/a/17001496/1563234 (in IdP only):
```php
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    // "main" firewall may be different
    $redirectUrl = $this->session->get('_security.main.target_path', '/');

    // ServiceManager class (sso_identity_provider.service_manager service)
    $service = $this->serviceManager->getSessionService();

    // Get your service manager for "consumer1" for example
    // $serviceManager is instance of https://github.com/korotovsky/SingleSignOnIdentityProviderBundle/blob/master/tests/Krtv/Bundle/SingleSignOnIdentityProviderBundle/Tests/Application/ServiceProviders/ServiceProvider1.php for example
    $serviceManager = $this->serviceManager->getServiceManager($service);

    // Clear state
    $this->serviceManager->clear();

    $redirectUri = $this->router->generate('sso_login_path', [
        '_target_path' => $serviceManager->getUrlForOTPOfYourService1([ // You need to implement this method.
            '_target_path' => $redirectUrl,
        ]),
    ], Router::ABSOLUTE_URL);

    // Sign url. (sso_identity_provider.uri_signer service)
    $redirectUri = $this->uriSigner->sign($redirectUri);

    return new RedirectResponse($redirectUri);
}
```
from singlesignonidentityproviderbundle.
You're right, if I include a final target url then it works.
Nevertheless.... targetUrl is optional in your code:
https://github.com/korotovsky/SingleSignOnServiceProviderBundle/blob/master/src/Krtv/Bundle/SingleSignOnServiceProviderBundle/EntryPoint/SingleSignOnAuthenticationEntryPoint.php#L81
That got me confused I think. :)
My service provider application is not a Symfony2 application (implementing SSO for existing services), so I simplified the requests / redirects to the IDP.
from singlesignonidentityproviderbundle.
I do not need onAuthenticationSuccess because I use fr3d_ldap and fos_rest.
The only weird thing happening is that the redirect url after authenticating still has the _hash value, but then as the first GET parameter instead of being the last. Uri signing fails then (bad request message).
But I am authenticated with the IDP then, so when I do the roundtrip again I get redirected correctly. The form login somehow rewrites the url :/
from singlesignonidentityproviderbundle.
> as the first GET parameter instead of being the last.

It's a bug: symfony/symfony#11746

> Nevertheless.... targetUrl is optional in your code

It's original behavior of FMSingleSignOnBundle ;)
from singlesignonidentityproviderbundle.
Thanx for your answers!
from singlesignonidentityproviderbundle.
@chrisdejager Please tell me when you get it working, so I will be able to improve the docs or fix new bugs.
from singlesignonidentityproviderbundle.
@korotovsky created a pull request.
from singlesignonidentityproviderbundle.
> as the first GET parameter instead of being the last.
> It's a bug: symfony/symfony#11746

Fixed in symfony/symfony#12574
from singlesignonidentityproviderbundle.
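The `_hash` ordering problem discussed in this thread, as an added illustration that is not code from the bundle, from Symfony, or from any participant. The HMAC scheme, secret, helper names and the idp.example.com host are assumptions; the nested `_target_path` follows the format given in the first comment. A check that expects `_hash` as the last parameter rejects the reordered URL, while a check that recomputes the MAC over a canonical, sorted query accepts it.

```php
<?php
// Added illustration: a simplified signed-URL model, not Symfony's UriSigner.
const SECRET = 'constructed-demo-secret'; // constructed value
function mac(string $data): string
{
    return base64_encode(hash_hmac('sha256', $data, SECRET, true));
}

// Returns [URL with sorted params and no _hash, supplied _hash]; ignores port and fragment.
function canonical(string $uri): array
{
    $p = parse_url($uri);
    parse_str($p['query'] ?? '', $params);
    $hash = $params['_hash'] ?? null;
    unset($params['_hash']);
    ksort($params);
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $base = $p['scheme'] . '://' . $p['host'] . ($p['path'] ?? '/');
    return [$query === '' ? $base : "$base?$query", $hash];
}

function signUri(string $uri): string
{
    [$canon] = canonical($uri);
    $sep = strpos($canon, '?') === false ? '?' : '&';
    return $canon . $sep . '_hash=' . rawurlencode(mac($canon));
}

// Order-sensitive: assumes _hash is the last query parameter.
function checkTrailingHash(string $uri): bool
{
    return preg_match('/^(.*)[?&]_hash=(.+?)$/', $uri, $m) === 1
        && hash_equals(mac($m[1]), rawurldecode($m[2]));
}

// Order-independent: recomputes the MAC over the canonical form.
function checkCanonical(string $uri): bool
{
    [$canon, $hash] = canonical($uri);
    return is_string($hash) && hash_equals(mac($canon), $hash);
}

// Nested _target_path in the format given in the thread (hosts are constructed).
$otpUrl = 'http://service1.com/otp/validate/?' . http_build_query(['_target_path' => 'http://service1.com/']);
$signed = signUri('http://idp.example.com/sso/login/?' . http_build_query(['_target_path' => $otpUrl]));
// Simulate the form login moving _hash to the front of the query string.
preg_match('/^(.*?)\?(.*)&(_hash=.*)$/', $signed, $m);
$reordered = "$m[1]?$m[3]&$m[2]";
var_dump(checkTrailingHash($signed), checkTrailingHash($reordered), checkCanonical($reordered));
```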