Open DanielMalmgren opened 5 years ago
That's all on your side, it seems. I mean, the session management is not handled by the library; it merely returns you the user info when you ask it to. When your middleware detects the user is not authenticated, it should trigger some handler, and there you should log in, and when you get the user, open the session. Is that 'unauthenticated' handler what you are missing? (There's one in the readme, but as I mentioned, that's just a sample implementation.)
Ok, solved it. Instead of using the web middleware group I created a new one according to your readme and now it works. Guess the web group contains something that is not good?
Hi @DanielMalmgren, can you show me your middleware group source code? I have the same problem, thank you.
It looks exactly as in the readme, i.e.:
'saml' => [
    \App\Http\Middleware\EncryptCookies::class,
    \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
    \Illuminate\Session\Middleware\StartSession::class,
],
Go to Middleware/VerifyCsrfToken and add your assertion URL to the except list.
If you use the package's default routes, then:
protected $except = [
    '{routesPrefix}/{idpName}/acs'
];
or if it's a custom route:
protected $except = [
    '/auth/sso/reply'
];
Hi. I realize this might not be the correct place for support questions, but others seem to do it, so I hope I can do it as well :-)
I'm kinda new to both Laravel and laravel-saml2 so I'm probably doing something stupid, but I get an error that nobody else seems to get.
I have set up a listener for the Saml2LoginEvent and everything is fine there, I can get the SAML ticket and get the attributes I want out from it. And at the end of my listener I call \Auth::login() with a User object. This got me into the eternal loop that so many others get, so I added the web middleware to my saml2_settings.php.
This is where things get strange. Suddenly my listener is never kicked off at all (verified using a logger() call as the first thing in it), and the user logging in gets "419 - Sorry, your session has expired.". Duh?