BeSimple / BeSimpleSsoAuthBundle

NOT MAINTAINED - SSO authentication providers (Cas for now) for Symfony2

SSL certificate problem: self signed certificate #90

Closed rahulgpai closed 8 years ago

rahulgpai commented 8 years ago

Hi Team,

I have been working on this bundle for the past few days and it appears as if this is a never-ending run. I take care of one issue and another pops up.

The documentation for the bundle is not enough either for configuring it entirely. Additionally, I am facing more issues because I am trying to get this bundle to work with FOSUserBundle and the FR3D LDAP bundle together.

First question here: is it possible? I think it is, using chain providers, but when I last succeeded in getting this to work closest to my requirement, I found a never-ending redirection loop with the following observations from the dev.log file: CAS authentication was successful and then returned to my app, thereafter the user was reloaded from the user provider, and then I had an AuthenticationException thrown with the message "Authentication has not been validated by SSO provider". And I was stuck on it for a couple of days, after which I (don't know why) thought of using composer update and everything screwed up even more.

Now I have the issues of: 1) Unknown SSL protocol error, which after resolving resulted in 2) Subject name of certificate doesn't match the host ... error, which after resolving resulted in SSL certificate problem: self signed certificate, which I am presently stuck on.

If anyone knows what to configure next, please help. And to the creators, please work on the documentation in depth. There are core files which throw errors and as a workaround one cannot make changes to the core files. And overriding each is not an option either. There should be an alternate way to configure the values using parameters.yml or config.yml for the core files too. And if there is such a way, please let me know, as I did not come across any online!

config.yml has

be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: cas login url
            logout_url: cas logout url
            validation_url: cas service validate url*

parameters.yml has

be_simple.sso_auth.client.option.curlopt_ssl_verifyhost.value: FALSE
be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: FALSE
be_simple.sso_auth.client.option.curlopt_sslversion.value: 1

And still the error!!! And work on the documentation, guys!!!

*these are proper urls

rahulgpai commented 8 years ago

Hi All,

I was able to fix the long chain of issues I was facing in configuring and getting this bundle to work together with FOSUserBundle and the FR3D LDAP bundle. Finally. I am posting the solution here so that it may be of some help to someone!

This is how my config.yml looks:

# BeSimple SSO bundle related config values
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: "%cas_login_url%"
            logout_url: "%cas_logout_url%"
            validation_url: "%cas_validation_url%"

# FOS user bundle related config values
fos_user:
    db_driver: orm # other valid values are 'mongodb', 'couchdb' and 'propel'
    firewall_name: main
    user_class: UserBundle\Entity\User

# FR3D ldap bundle related config values
fr3d_ldap:
    driver:
        host: "%ldap_host%"
        port: "%ldap_port%"
        username: "%ldap_connection_string%"
        password: "%ldap_password%"
    user:
        baseDn: "%ldap_base_dn%" # DC=wr,DC=loc  # DC=example,DC=com
        filter: (&(ObjectClass=Person))
        attributes:

This is how my parameters.yml looks:

parameters:
    database_host: 127.0.0.1
    database_port: null
    database_name: YourDataBaseNameComesHere
    database_user: root
    database_password: null
    mailer_transport: smtp
    mailer_host: 127.0.0.1
    mailer_user: null
    mailer_password: null
    secret: ThisCanBeAnything

    cas_login_url: YourCasLoginUrlComesHere
    cas_logout_url: YourCasLogOutUrlComesHere
    cas_validation_url: YourCasServiceValidateUrlComesHere

    # The lines below are important and have resolved the issues related to the Unknown SSL protocol error,
    # Certificate name does not match host, Self Signed Certificate etc.
    # Certainly, setting verify host and verify peer to false is applicable only when NOT on production.
    be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
    be_simple.sso_auth.client.option.curlopt_ssl_verifyhost.value: false
    be_simple.sso_auth.client.option.curlopt_sslversion.value: 1

My routing.yml looks like this:

login:
    path: /login
    defaults: { _controller: BeSimpleSsoAuthBundle:TrustedSso:login }

login_check:
    path: /login_check

logout:
    path: /logout

fos_user_security:
    resource: "@FOSUserBundle/Resources/config/routing/security.xml"

fos_user_profile:
    resource: "@FOSUserBundle/Resources/config/routing/profile.xml"

And finally the big piece in the puzzle, security.yml. My security.yml looks like this [which finally made all of this work when put together]:

security:
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: ROLE_ADMIN

    encoders:
        UserBundle\Entity\User: bcrypt

    providers:
        administrators:
            entity: { class: UserBundle\Entity\User }

Without adding the above provider, it was resulting in a redirection loop after successful CAS authentication and was throwing the error "The authentication is not validated by SSO provider". I didn't spend time to find the actual reason behind this, but having the above provider resolved it somehow.

        chain_provider:
            chain:
                providers: [fos_userbundle, fr3d_ldapbundle]

        fr3d_ldapbundle:
            id: fr3d_ldap.security.user.provider

        fos_userbundle:
            id: fos_user.user_provider.username

    firewalls:
        main:
            pattern: ^/

            # anonymous: ~ (or true)  -- uncommenting this line results in the error "loginAction expects $manager, null given".

            form_login: ~
            provider: chain_provider
            trusted_sso:
                manager: admin_sso
                provider: chain_provider
                login_action: false # BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: false # BeSimpleSsoAuthBundle:TrustedSso:logout
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]
                default_target_path: homepage
                always_use_default_target_path: true
                login_path: /login
                check_path: /

            logout:
                path: /logout
                target: /login

            remember_me:
                secret: '%secret%'
                lifetime: 604800 # one week in seconds
                path: /

These settings will perhaps take care of the possible 5-6 issues (listed below):

Unknown SSL protocol, Self Signed Certificate Error, Certificate Subject does not match Host, Authentication not validated by SSO provider, Looped Redirection and so on.

These bothered me for quite a few days in setting this up and getting this working. Hope this helps someone!!!
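The fix above switches off curl peer and host verification to get past the self-signed certificate error. The alternative a defender wants is to keep verification on and trust the CA that issued the CAS server's certificate. The following is an added example, not code from BeSimpleSsoAuthBundle or from the poster: it performs the CAS 2.0 /serviceValidate call with TLS verification kept on (`ca_file` is assumed to be the PEM bundle for that CA) and parses the reply so that an authenticationFailure or an unexpected body can never be taken as a logged-in user. The sample XML replies are constructed, not captured from a real server.

```python
import ssl
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Namespace used by CAS 2.0 serviceValidate responses.
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}


class CasValidationError(Exception):
    """Raised when the CAS server rejects the ticket or the reply is malformed."""


def parse_cas2_response(xml_text):
    """Return the authenticated user name from a CAS 2.0 serviceValidate reply.

    Anything other than a well-formed <cas:authenticationSuccess> with a non-empty
    <cas:user> raises, so a failure page or an HTML login page is never treated as success.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed CAS response: %s" % exc)
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        raise CasValidationError("unexpected root element %r" % root.tag)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise CasValidationError("%s: %s" % (failure.get("code"), (failure.text or "").strip()))
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise CasValidationError("no <cas:user> in authenticationSuccess")
    return user.text.strip()


def validate_service_ticket(validation_url, service, ticket, ca_file, timeout=10):
    """Call serviceValidate over HTTPS with peer and hostname verification kept on.

    ca_file (assumed path) is the PEM bundle of the CA that signed the CAS server's
    certificate; this replaces setting curlopt_ssl_verifypeer/verifyhost to false.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED + check_hostname=True
    query = urllib.parse.urlencode({"service": service, "ticket": ticket})
    with urllib.request.urlopen(validation_url + "?" + query, timeout=timeout, context=ctx) as resp:
        return parse_cas2_response(resp.read().decode("utf-8"))


# Constructed sample replies for offline use (not captured from a real CAS server).
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""
```

With an internal CA, `validate_service_ticket(url, service, ticket, "/etc/ssl/internal-ca.pem")` keeps the certificate checks that the parameters.yml workaround removes.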