OpenConext / OpenConext-engineblock

OpenConext SAML 2.0 IdP/SP Gateway

Unsolicited SSO fails with "Unable to find the current binding." #302

Closed thijskh closed 8 years ago

thijskh commented 8 years ago

In EB 5, when triggering an unsolicited SSO request, EB throws an error:

Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.INFO: Handling incoming request: GET /authentication/idp/unsolicited-single-sign-on/ba573f07093978e3852ddef0d2465b84 {"session_id":null,"request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] request.INFO: Matched route "authentication_idp_unsolicited_sso_idphash". {"session_id":null,"request_id":"57873c0c5e898"} {"route_parameters":{"_controller":"engineblock.controller.authentication.identity_provider:unsolicitedSingleSignOnAction","virtualOrganization":null,"keyId":null,"domain":"surfconext.nl","idpHash":"ba573f07093978e3852ddef0d2465b84","_route":"authentication_idp_unsolicited_sso_idphash"},"request_uri":"https://engine.surfconext.nl/authentication/idp/unsolicited-single-sign-on/ba573f07093978e3852ddef0d2465b84?sp-entity-id=https%3A%2F%2Flogin.adp.nl%2Ffederation%2Fsamlsp%2F"}
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] security.INFO: Populated the TokenStorage with an anonymous Token. {"session_id":null,"request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.WARNING: Unable to find the SAML 2 binding used for this request. {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.WARNING: Request method: 'GET' {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.WARNING: GET parameters: 'sp-entity-id' {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.ERROR: Unable to find the current binding. | Caught Unhandled generic exception {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} {"exception":{"severity":"ERROR","location":"/opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/src/OpenConext/EngineBlockBundle/EventListener/FallbackExceptionListener.php:63","userId":null,"idp":null,"sp":null,"details":"EngineBlock_Exception: Unable to find the current binding.\n#0 [internal function]: OpenConext\\EngineBlockBundle\\EventListener\\FallbackExceptionListener->onKernelException(Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent), 'kernel.exceptio...', Object(Symfony\\Component\\EventDispatcher\\ContainerAwareEventDispatcher))\n#1 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/cache/prod/classes.php(2646): call_user_func(Array, Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent), 'kernel.exceptio...', Object(Symfony\\Component\\EventDispatcher\\ContainerAwareEventDispatcher))\n#2 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/cache/prod/classes.php(2579): Symfony\\Component\\EventDispatcher\\EventDispatcher->doDispatch(Array, 'kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#3 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/cache/prod/classes.php(2740): Symfony\\Component\\EventDispatcher\\EventDispatcher->dispatch('kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#4 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3141): Symfony\\Component\\EventDispatcher\\ContainerAwareEventDispatcher->dispatch('kernel.exceptio...', Object(Symfony\\Component\\HttpKernel\\Event\\GetResponseForExceptionEvent))\n#5 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3077): 
Symfony\\Component\\HttpKernel\\HttpKernel->handleException(Object(Exception), Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#6 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3222): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#7 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(2444): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#8 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/web/app.php(22): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#9 {main}\n\nException: Unable to find the current binding.\n#0 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Module/Bindings.php(74): SAML2_Binding::getCurrentBinding()\n#1 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(148): EngineBlock_Corto_Module_Bindings->receiveRequest()\n#2 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(315): EngineBlock_Corto_Adapter->_getRequestInstance()\n#3 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(165): EngineBlock_Corto_Adapter->_getIssuerSpEntityId()\n#4 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(48): EngineBlock_Corto_Adapter->_filterRemoteEntitiesByRequestSp()\n#5 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php(111): EngineBlock_Corto_Adapter->singleSignOn('ba573f07093978e...')\n#6 [internal function]: OpenConext\\EngineBlockBundle\\Controller\\IdentityProviderController->unsolicitedSingleSignOnAction(NULL, NULL, 'ba573f07093978e...')\n#7 
/opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3109): call_user_func_array(Array, Array)\n#8 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3071): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#9 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3222): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#10 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(2444): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#11 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/web/app.php(22): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#12 {main}","message_prefix":null},"previous_exceptions":["exception 'Exception' with message 'Unable to find the current binding.' 
in /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/vendor/simplesamlphp/saml2/src/SAML2/Binding.php:97\nStack trace:\n#0 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Module/Bindings.php(74): SAML2_Binding::getCurrentBinding()\n#1 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(148): EngineBlock_Corto_Module_Bindings->receiveRequest()\n#2 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(315): EngineBlock_Corto_Adapter->_getRequestInstance()\n#3 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(165): EngineBlock_Corto_Adapter->_getIssuerSpEntityId()\n#4 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/library/EngineBlock/Corto/Adapter.php(48): EngineBlock_Corto_Adapter->_filterRemoteEntitiesByRequestSp()\n#5 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/src/OpenConext/EngineBlockBundle/Controller/IdentityProviderController.php(111): EngineBlock_Corto_Adapter->singleSignOn('ba573f07093978e...')\n#6 [internal function]: OpenConext\\EngineBlockBundle\\Controller\\IdentityProviderController->unsolicitedSingleSignOnAction(NULL, NULL, 'ba573f07093978e...')\n#7 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3109): call_user_func_array(Array, Array)\n#8 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3071): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw(Object(Symfony\\Component\\HttpFoundation\\Request), 1)\n#9 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(3222): Symfony\\Component\\HttpKernel\\HttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, true)\n#10 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/app/bootstrap.php.cache(2444): Symfony\\Component\\HttpKernel\\DependencyInjection\\ContainerAwareHttpKernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request), 1, 
true)\n#11 /opt/openconext/OpenConext-engineblock-5.0.0-beta5-1/web/app.php(22): Symfony\\Component\\HttpKernel\\Kernel->handle(Object(Symfony\\Component\\HttpFoundation\\Request))\n#12 {main}"]}
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.NOTICE: An error was caught {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} []
Jul 14 09:15:24 papp2 EBLOG[2371]: [2016-07-14 09:15:24] engineblock.NOTICE: Showing feedback page with message: SURFconext - Error - An error occurred {"session_id":"VtfodJjhxjXSeQS3XF,olUGIl41","request_id":"57873c0c5e898"} []

An example URL that works with EB 4 is: https://engine.surfconext.nl/authentication/idp/unsolicited-single-sign-on/ba573f07093978e3852ddef0d2465b84?sp-entity-id=https://login.adp.nl/federation/samlsp/

DRvanR commented 8 years ago

This is indeed a bug: the method in this line should be unsollicitedSingleSignOn so that this method is invoked. This can be deduced from the corresponding EB4 code here.

Will make the patch when I have time.

DRvanR commented 8 years ago

For the record, the error is triggered in the SAML2 library when deciding which binding to use.

DRvanR commented 8 years ago

Resolved through #307
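
Added example (not EngineBlock or simplesamlphp/saml2 code): a simplified model of the failure discussed in this thread, showing why a GET carrying only sp-entity-id has no SAML binding and why the unsolicited route needs its own handler. The function names, the allow-list check and the sample entity ID are assumptions made for illustration.

```php
<?php
// Simplified model of SAML 2.0 binding detection; NOT the library's source.
// A binding is identified by where the SAML message travels in the request.
function detectBinding(string $method, array $query, array $post, string $contentType = ''): ?string
{
    if ($method === 'GET') {
        if (isset($query['SAMLRequest']) || isset($query['SAMLResponse'])) {
            return 'HTTP-Redirect';
        }
        if (isset($query['SAMLart'])) {
            return 'HTTP-Artifact';
        }
    } elseif ($method === 'POST') {
        if (isset($post['SAMLRequest']) || isset($post['SAMLResponse'])) {
            return 'HTTP-POST';
        }
        if (isset($post['SAMLart'])) {
            return 'HTTP-Artifact';
        }
        if (strpos($contentType, 'text/xml') === 0) {
            return 'SOAP';
        }
    }
    return null; // no SAML message anywhere in the request
}

// SP-initiated flow (hypothetical handler): an AuthnRequest is mandatory,
// so a request without a binding is an error.
function singleSignOn(string $method, array $query, array $post): string
{
    $binding = detectBinding($method, $query, $post);
    if ($binding === null) {
        throw new RuntimeException('Unable to find the current binding.');
    }
    return "AuthnRequest received over $binding";
}

// Unsolicited flow (hypothetical handler): there is no SAML message to parse.
// The target SP arrives as a plain query parameter, so it is checked against
// the SPs the gateway already knows (assumed allow-list) before any response.
function unsolicitedSingleSignOn(array $query, array $knownSps): string
{
    $sp = $query['sp-entity-id'] ?? '';
    if (!in_array($sp, $knownSps, true)) {
        throw new InvalidArgumentException('Unknown sp-entity-id');
    }
    return "Unsolicited response will be issued to $sp";
}

$query = ['sp-entity-id' => 'https://sp.example.org/saml']; // constructed sample
try { singleSignOn('GET', $query, []); } catch (RuntimeException $e) { echo 'wrong handler: ', $e->getMessage(), "\n"; }
echo unsolicitedSingleSignOn($query, ['https://sp.example.org/saml']), "\n";
```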