casdoor / casdoor

An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, RADIUS, Google Workspace, Active Directory and Kerberos
https://casdoor.org
Apache License 2.0

bug: SAML BINDING HTTP POST login error, response "unexpected EOF" #2643

Closed mahuihuang closed 9 months ago

mahuihuang commented 9 months ago

Using Aliyun CloudSSO as the SAML SP. The SP redirect uses the POST method, with SAMLRequest and RelayState posted in form data, but the frontend did not send SAMLRequest and RelayState in the request payload.

SP redirect response (screenshots)

login request payload

curl 'http://localhost:8000/api/login' \
  -H 'Accept: */*' \
  -H 'Accept-Language: zh;q=0.9,en;q=0.8' \
  -H 'Connection: keep-alive' \
  -H 'Content-Type: text/plain;charset=UTF-8' \
  -H 'Cookie: Hm_lvt_14752563c89f0870e93d2f6ac497f815=1704182104; ajs_anonymous_id=9eb0160f-6222-43ee-8db1-225bd487b329; _gcl_au=1.1.1282421203.1705393081; ajs_user_id=e9a26e61-9030-464e-a7c3-73b485fbc009; access-token=eyJhbGciOiJIUzI1NiIsImtpZCI6InYxIiwidHlwIjoiSldUIn0.eyJuYW1lIjoiQWRtaW4iLCJpc3MiOiJieXRlYmFzZSIsInN1YiI6IjEwMSIsImF1ZCI6WyJiYi51c2VyLmFjY2Vzcy5wcm9kIl0sImV4cCI6MTcwNjQ5NzUxNSwiaWF0IjoxNzA1ODkyNzE1fQ.g54hd_VxScDz1lcjrOos95PzoxG9XPJAro3JPRXexrY; user=101; casdoor_session_id=e051821a02ad224423d23e57a6f8598e' \
  -H 'Origin: http://localhost:8000' \
  -H 'Referer: http://localhost:8000/login/saml/authorize/admin/cloudsso' \
  -H 'Sec-Fetch-Dest: empty' \
  -H 'Sec-Fetch-Mode: cors' \
  -H 'Sec-Fetch-Site: same-origin' \
  -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'sec-ch-ua-platform: "Windows"' \
  --data-raw '{"application":"cloudsso","organization":"built-in","username":"admin","password":"123","autoSignin":true,"signinMethod":"Password","type":"saml"}' \
  --compressed


Aliyun CloudSSO setting (screenshot)

Casdoor application setting (screenshot)

Reference

Manage single sign-on: Appgate (POST)

casbin-bot commented 9 months ago

@seriouszyx @ComradeProgrammer @Resulte

mahuihuang commented 9 months ago

The backend didn't handle the SP request to /login/saml/authorize/:owner/:applicationName; see https://github.com/crewjam/saml/blob/main/identity_provider.go#L373
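The comment above reports that the IdP endpoint did not handle what the SP sends over the HTTP-POST binding. The two SAML bindings deliver the same AuthnRequest differently: HTTP-Redirect puts SAMLRequest (DEFLATE-compressed, then base64, then URL-encoded) and RelayState in the query string of a GET, while HTTP-POST puts them (base64 only) in an application/x-www-form-urlencoded body of a POST, with nothing in the query string. The following Go example is added here and is not Casdoor's or crewjam/saml's code: one parser that accepts either binding, plus constructed SP requests for each so it runs offline. The path, the AuthnRequest ID and Issuer, the sample XML and the 1 MiB inflation limit are assumptions made for the example.

```go
package main

import (
	"bytes"
	"compress/flate"
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// maxInflatedBytes bounds the inflated Redirect-binding request so a tiny
// deflated payload cannot expand into a decompression bomb (assumed limit).
const maxInflatedBytes = 1 << 20

// authnRequest holds the parts of a SAML 2.0 AuthnRequest this example reads.
type authnRequest struct {
	XMLName xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:protocol AuthnRequest"`
	ID      string   `xml:"ID,attr"`
	Issuer  string   `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
}

// parseAuthnRequest decodes SAMLRequest and RelayState from either binding.
// GET (HTTP-Redirect): deflated + base64 + URL-encoded, in the query string.
// POST (HTTP-POST): base64 only, in a form-encoded body; query string is empty.
// Signature verification and SP lookup by Issuer would follow and are not shown.
func parseAuthnRequest(r *http.Request) (*authnRequest, string, error) {
	var encoded, relayState string
	switch r.Method {
	case http.MethodGet:
		q := r.URL.Query()
		encoded, relayState = q.Get("SAMLRequest"), q.Get("RelayState")
	case http.MethodPost:
		if err := r.ParseForm(); err != nil { // net/http caps the form body at 10 MiB
			return nil, "", fmt.Errorf("parsing form body: %w", err)
		}
		encoded, relayState = r.PostFormValue("SAMLRequest"), r.PostFormValue("RelayState")
	default:
		return nil, "", fmt.Errorf("unsupported method %s", r.Method)
	}
	if encoded == "" {
		return nil, "", fmt.Errorf("missing SAMLRequest in %s request", r.Method)
	}
	doc, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, "", fmt.Errorf("SAMLRequest is not valid base64: %w", err)
	}
	if r.Method == http.MethodGet {
		// Redirect binding only: inflate, reading one byte past the limit so an
		// oversized document is rejected rather than silently truncated.
		fr := flate.NewReader(bytes.NewReader(doc))
		if doc, err = io.ReadAll(io.LimitReader(fr, maxInflatedBytes+1)); err != nil {
			return nil, "", fmt.Errorf("SAMLRequest is not valid DEFLATE data: %w", err)
		}
		if len(doc) > maxInflatedBytes {
			return nil, "", fmt.Errorf("inflated SAMLRequest exceeds %d bytes", maxInflatedBytes)
		}
	}
	var req authnRequest
	if err := xml.Unmarshal(doc, &req); err != nil {
		return nil, "", fmt.Errorf("SAMLRequest is not an AuthnRequest: %w", err)
	}
	return &req, relayState, nil
}

// sampleAuthnRequest is constructed for this example, not captured from Aliyun CloudSSO.
const sampleAuthnRequest = `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example-1" Version="2.0" IssueInstant="2024-01-22T00:00:00Z"><saml:Issuer>https://sp.example.com/metadata</saml:Issuer></samlp:AuthnRequest>`

// newRedirectBindingRequest builds the GET an SP sends over the HTTP-Redirect binding.
func newRedirectBindingRequest(path, xmlDoc, relayState string) *http.Request {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression)
	w.Write([]byte(xmlDoc))
	w.Close()
	q := url.Values{"SAMLRequest": {base64.StdEncoding.EncodeToString(buf.Bytes())}, "RelayState": {relayState}}
	return httptest.NewRequest(http.MethodGet, path+"?"+q.Encode(), nil)
}

// newPostBindingRequest builds the POST an SP's auto-submitting form sends over the HTTP-POST binding.
func newPostBindingRequest(path, xmlDoc, relayState string) *http.Request {
	form := url.Values{"SAMLRequest": {base64.StdEncoding.EncodeToString([]byte(xmlDoc))}, "RelayState": {relayState}}
	r := httptest.NewRequest(http.MethodPost, path, strings.NewReader(form.Encode()))
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

func main() {
	const path = "/login/saml/authorize/admin/cloudsso" // assumed IdP endpoint path
	for _, r := range []*http.Request{newRedirectBindingRequest(path, sampleAuthnRequest, "rs-1"), newPostBindingRequest(path, sampleAuthnRequest, "rs-2")} {
		req, rs, err := parseAuthnRequest(r)
		fmt.Printf("%s binding: req=%+v relayState=%q err=%v\n", r.Method, req, rs, err)
	}
}
```

Two checks matter after extraction and are deliberately left out of the example: the request signature must be verified in the form each binding uses (Signature and SigAlg query parameters over the encoded string for HTTP-Redirect, an enveloped XML signature inside the document for HTTP-POST), and the Issuer must match an SP registered with the IdP before any login page is shown or RelayState is echoed back.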

hsluoyz commented 9 months ago

@mahuihuang can you try this PR? https://github.com/casbin/casdoor/pull/2661

casbin-bot commented 9 months ago

:tada: This issue has been resolved in version 1.520.0 :tada:

The release is available on GitHub release

Your semantic-release bot :package::rocket: