aerialship / SamlSPBundle

SAML 2.0 Symfony SP Bundle - new version available at
http://www.lightsaml.com/SP-Bundle/
MIT License

question: disable auto redirect on /saml/sp/login #52

Closed alexadavid closed 10 years ago

alexadavid commented 10 years ago

How can I disable auto redirect on /saml/sp/login when the user is not authenticated? I have more authentication methods and I always want to redirect to my /login page.

Thank you for your help

tmilos commented 10 years ago

I'm not sure I understand your requirement. But it seems it's not directly supported and built into the bundle. The only way I see you can do that is by overriding the security.authentication.listener.aerial_ship_saml_sp.class parameter with your own AuthenticationListener. If you describe the use case in more detail we could consider adding support for it.

alexadavid commented 10 years ago

Thanks for the quick reply. Your answer should help me, I think. I was thinking about a solution in the same way. More detailed description: I have every route secured except /login: https://github.com/CESNET/Netopeer-GUI/blob/master/app/config/security.yml#L82-L98

When I go directly on any URL (for example /connections/0/xxx, but it is not important) and I'm not authenticated, I'm redirected to /saml/sp/login instead of /login.

tmilos commented 10 years ago

You are redirected to /saml/sp/login since that's the login_path of the first firewall that matches the opened URL. In your case both firewalls have almost the same paths, hence both match /connections/0/xxx and Symfony uses the first one - saml - for which you have specified login_path to be /saml/sp/login.

If you change the order of the firewalls you'll be redirected to /login/. But in that case it won't be possible to open /saml/sp/login and perform SAML SSO unless you are authenticated, but then, why would you do SSO at all.

You might also try adjusting firewall paths to be exclusive and not overlap. So each handles its own paths only.

Still I'm not clear that I understand what changes you would make to this bundle itself. All this is standard Symfony security configuration.
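
The first-match behaviour described in the comment above, as an added example that is not part of the original thread or the bundle's code. It is a simplified model that checks each firewall's pattern against the request path in order; the firewall names and patterns are constructed, since the project's real security.yml is not shown here.

```python
import re

# Constructed firewall lists (name, pattern, login_path); illustrative only,
# not the project's real security.yml.
SAML_FIRST = [
    ("saml", r"^/(?!login$)", "/saml/sp/login"),
    ("secured_area", r"^/", "/login"),
]
# Same firewalls, order swapped.
FORM_FIRST = list(reversed(SAML_FIRST))
# Exclusive patterns: each firewall handles only its own paths.
EXCLUSIVE = [
    ("saml", r"^/saml/sp/", "/saml/sp/login"),
    ("secured_area", r"^/(?!saml/sp/)", "/login"),
]


def resolve(firewalls, path):
    """Return (winner, shadowed): the first firewall whose pattern matches
    path, plus the names of later firewalls that also match but are never used."""
    matches = [fw for fw in firewalls if re.search(fw[1], path)]
    if not matches:
        return None, []
    return matches[0], [fw[0] for fw in matches[1:]]


def login_redirect(firewalls, path):
    """login_path that an unauthenticated request to path is sent to."""
    winner, _ = resolve(firewalls, path)
    return winner[2] if winner else None


def overlap_report(firewalls, paths):
    """Map each path to the firewalls shadowed by an earlier match."""
    report = {}
    for path in paths:
        _, shadowed = resolve(firewalls, path)
        if shadowed:
            report[path] = shadowed
    return report


if __name__ == "__main__":
    configs = [("saml first", SAML_FIRST), ("form first", FORM_FIRST),
               ("exclusive", EXCLUSIVE)]
    for label, fws in configs:
        for path in ["/connections/0/xxx", "/saml/sp/login"]:
            print(label, path, "->", login_redirect(fws, path),
                  "shadowed:", resolve(fws, path)[1])
```

A non-empty overlap_report means some firewall never sees those paths, which is the situation the thread describes.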

alexadavid commented 10 years ago

I'm not sure it would be necessary to make any changes in this bundle. SSO is just a second way to log in to my system. I need the same routes for both authentication methods, so they cannot be exclusive. When I'm not authenticated, I always want to show the same login form (on /login), where the user has two choices - use the standard login form or use SSO.

After changing the order of the firewalls, the redirect to saml/sp/login doesn't occur. So it's OK. I can open /saml/sp/login manually too, and I finally get a response on /saml/sp/acs.

So I had a problem with the security configuration alone, nothing wrong with the bundle itself.

Thank you for your help, problem solved by setting security.yml in the right way (https://github.com/CESNET/Netopeer-GUI/commit/8022b7f5ed17f8b1c955725e29f28f225b28d645)