Closed quentint closed 9 years ago
Can you paste your whole security.yml because the error message you got is from the SecurityController::federationMetadataAction() which should not actually be called but intercepted by the security firewall. You probably have another firewall before the saml one that's also on path /, but until I see it all, I'm unable to tell for sure.
You're right, I had my global/client firewall before those lines!
I just merged the two and it now looks OK. Is this how it's supposed to be done: adding the new aerial_ship_saml_sp parameters to my existing firewall?
Here's how it looks now:
firewalls:
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    admin:
        pattern: /admin(.*)
        context: user
        form_login:
            provider: fos_userbundle
            login_path: /admin/login
            check_path: /admin/login_check
        logout:
            path: /admin/logout
        anonymous: true
    client:
        pattern: .*
        anonymous: ~
        simple_form:
            authenticator: client_authenticator
            login_path: /
            use_referer: true
        aerial_ship_saml_sp:
            local_logout_path: /logout
            provider: entity_client
            services:
                entree_production:
                    idp:
                        file: "@eduMediaSecurityBundle/Resources/metadata/entree-production.xml"
                    sp:
                        config:
                            entity_id: https://mysite.com/
        logout:
            path: /logout
            invalidate_session: false
            success_handler: client_authenticator
Thanks!
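
The cause discussed above, as an added example that is not part of the thread or the bundle's code: Symfony hands a request to the first firewall whose pattern matches, so a catch-all firewall listed ahead of the one carrying aerial_ship_saml_sp keeps the SAML paths away from the SAML listener. The "before" layout and the firewall name `saml` are constructed for illustration, and Python's `re.search` is assumed to be a close enough stand-in for Symfony's pattern matching on these simple patterns.

```python
import re

# (name, pattern, has_aerial_ship_saml_sp), in the order they appear in security.yml.
# BEFORE is constructed for illustration: a catch-all firewall ahead of a separate SAML one.
BEFORE = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("admin", r"/admin(.*)", False),
    ("client", r".*", False),
    ("saml", r"^/", True),  # hypothetical name; never reached because "client" matches first
]
# AFTER mirrors the merged configuration posted above.
AFTER = [
    ("dev", r"^/(_(profiler|wdt)|css|images|js)/", False),
    ("admin", r"/admin(.*)", False),
    ("client", r".*", True),
]
# Paths taken from this thread that the SAML listener has to see.
SAML_PATHS = ["/saml/sp/FederationMetadata.xml", "/logout"]


def matching_firewall(firewalls, path):
    """Return (name, has_saml) for the first firewall whose pattern matches, else None."""
    for name, pattern, has_saml in firewalls:
        if re.search(pattern, path):
            return name, has_saml
    return None


def saml_path_problems(firewalls, paths=SAML_PATHS):
    """Return (path, firewall) pairs where a SAML path is not covered by the SAML listener."""
    problems = []
    for path in paths:
        hit = matching_firewall(firewalls, path)
        if hit is None:
            problems.append((path, None))       # no firewall at all handles the path
        elif not hit[1]:
            problems.append((path, hit[0]))     # shadowed by an earlier firewall
    return problems


if __name__ == "__main__":
    for label, layout in (("before", BEFORE), ("after", AFTER)):
        print(label, saml_path_problems(layout) or "SAML paths covered")
```
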
Don't forget to share the same context: if you want to access the user on another firewall. I had that issue and just added context: user on both firewalls; this way they share the same context. Hope this helps.
Thanks for the tip.
I have the same problem, but don't see what's wrong in my firewalls config. Someone has a clue?
firewalls:
    # disables authentication for assets and the profiler, adapt it according to your needs
    dev:
        pattern: ^/(_(profiler|wdt)|css|images|js)/
        security: false
    main:
        pattern: ^/
        form_login:
            login_path: fos_user_security_login
            check_path: fos_user_security_check
            provider: fos_userbundle
            csrf_provider: form.csrf_provider
            default_target_path: sonata_admin_dashboard
        logout:
            path: fos_user_security_logout
            target: fos_user_security_login
            invalidate_session: false # we need to know which client logged out
        anonymous: true
        remember_me:
            key: "%secret%"
            lifetime: 31536000 # 365 days in seconds
            path: /
            domain: ~
        switch_user: { role: ROLE_SUPER_ADMIN }
        aerial_ship_saml_sp:
            local_logout_path: /logout
            provider: fos_userbundle
            create_user_if_not_exists: true
            services:
                somename:
                    idp:
                        file: "@AerialShipSamlSPBundle/Resources/idp-FederationMetadata.xml"
                    sp:
                        config:
                            entity_id: http://mysite.com/
Hi, this bundle looks like it could be really helpful, but I'm stuck at step 7 because, like some other users, I don't understand what to do.
I've followed all 6 previous steps OK, but when I access /saml/sp/FederationMetadata.xml to download my SP metadata, all I get is this error: You must configure the federation metadata path path to be handled by the firewall using aerial_ship_saml_sp in your security firewall configuration.
Here's what my security.yml looks like:
I guess I missed something. But what? Thanks in advance if you can help!