SAML-Toolkits / php-saml

Simple SAML toolkit for PHP
MIT License

The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs #558

Open zeyser opened 1 year ago

zeyser commented 1 year ago

Hi! I'm using v.2.19.1 and I have a confusing error: The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs. I can't understand why the error message contains absolutely equal strings: https://{site}/api/sso/acs === https://{site}/api/sso/acs. From the source:

$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL);
if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) {
    $currentURLNoRouted = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted);

    if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) {
        throw new OneLogin_Saml2_ValidationError(
            "The response was received at $currentURL instead of $destination",
            OneLogin_Saml2_ValidationError::WRONG_DESTINATION
        );
    }
}

I read in similar issues that the problem can be related to a proxy that stands in front of PHP, but from the source code and error message it's not clear whether it really is a proxy issue.

Has anyone faced a similar problem? How can I debug the real issue that causes such an error?

pitbulk commented 1 year ago

It needs to be something else. Have you checked the content inside the SAMLResponse? Maybe there is some extra space or something.
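
Added example (not part of the thread and not php-saml code): a stand-alone PHP script that repeats the `strncmp()` comparison quoted above and reports the first byte at which two visually identical URLs differ, which is how a stray space or a case difference in the Destination would show up. The host name, sample strings and function names are constructed for illustration.

```php
<?php
// Added diagnostic sketch, not php-saml code. It repeats the strncmp() check
// quoted in the issue and shows where two look-alike URLs differ, byte by byte.

/** Same prefix comparison as the quoted snippet; $strict mirrors destinationStrictlyMatches. */
function destinationMatches(string $destination, string $currentURL, bool $strict): bool
{
    $len = $strict ? strlen($destination) : strlen($currentURL);
    return strncmp($destination, $currentURL, $len) === 0;
}

/** First offset at which the strings diverge (bytes as hex), or null if equal. */
function firstDifference(string $a, string $b): ?array
{
    $max = max(strlen($a), strlen($b));
    for ($i = 0; $i < $max; $i++) {
        $ca = $i < strlen($a) ? bin2hex($a[$i]) : 'end';
        $cb = $i < strlen($b) ? bin2hex($b[$i]) : 'end';
        if ($ca !== $cb) {
            return ['offset' => $i, 'destination' => $ca, 'current' => $cb];
        }
    }
    return null;
}

// Constructed sample values; sp.example.test is a placeholder host.
$currentURL = 'https://sp.example.test/api/sso/acs';
$samples = [
    'identical'       => 'https://sp.example.test/api/sso/acs',
    'trailing space'  => 'https://sp.example.test/api/sso/acs ',
    'leading newline' => "\nhttps://sp.example.test/api/sso/acs",
    'upper-case host' => 'https://SP.example.test/api/sso/acs',
];

foreach ($samples as $label => $destination) {
    $diff = firstDifference($destination, $currentURL);
    printf(
        "%-16s loose=%s strict=%s len=%d/%d diff=%s\n",
        $label,
        destinationMatches($destination, $currentURL, false) ? 'ok' : 'FAIL',
        destinationMatches($destination, $currentURL, true) ? 'ok' : 'FAIL',
        strlen($destination),
        strlen($currentURL),
        $diff === null ? 'none' : json_encode($diff)
    );
}
```

To use it on a real failure, replace the samples with the Destination attribute taken from the base64-decoded SAMLResponse and the URL your application reports for the request.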

ri0t1985 commented 1 year ago

I've got a similar issue that I've managed to track down to Utils::getSelfRoutedURLNoQuery().

When I've got a 3rd part in my URL, it does not work (/saml/acs/). What I'd expect to be returned is: /saml/acs/. What is actually returned: /saml/

If I remove the hash from the URL earlier in my application, it works just fine.

sanojv-EY commented 10 months ago

I'm also facing an issue.

The response was received at https://<<WebApp>>.azurewebsites.net:8080/index.php instead of https://<<public domain>>/index.php?/auth/saml/acs

invalid_response
Not authenticated

My Application is hosted on Azure AppService, using the Code publishing model and PHP 8.1 runtime stack. It is accessible through the Azure Application Gateway. My public domain is linked to the Application Gateway, not in the AppService.

Any Fix?

sanojv-EY commented 10 months ago

Finally, I fixed this issue by adding a public domain in the app service and setting $_proxyVars = true; in Utils.php.