search

cdaecke / md_saml

TYPO3 SSO Login with SAML authentication
Other
2 stars 8 forks source link

PHP Warning: Undefined array key "username" #22

Closed jonathanscholz-snd closed 3 months ago

jonathanscholz-snd commented 3 months ago

Hello,

we tried to configure your extension for SAML Authentication with Microsoft Entra ID but ran into issues with the username. We included username as a claim in Azure but still got the following error when trying to log in: PHP Warning: Undefined array key "username" in /var/www/website/vendor/mediadreams/md_saml/Classes/Authentication/SamlAuthService.php line 195

We tried adding the username key as a constant in the php code and it worked, but we are unsure how to dynamically insert the correct claim from the saml response.

Thanks for any help!

cdaecke commented 3 months ago

Which version of the extension are you using?

Maybe this helps? https://github.com/cdaecke/md_saml/blob/master/Readme.md#sso

jonathanscholz-snd commented 3 months ago

Thanks for your fast reply. We are using Typo3 12.4 with Extension Version 3.0.5.

We managed to resolve the issue with the help of the documentation!

Unfortunately we ran into another issue. When logging in via SAML the user gets redirected to the login page again (/typo3/login?loginProvider=1648123062&login-provider=md_saml&login_status=login&acs).

In the logs we see: "Login-attempt from for username '' with an empty password!"

Do you have an idea what could be the Issue?

h0Lz404 commented 3 months ago

Hey there,

we are getting the same error using TYPO3 11.5:

In the logs we see: "Login-attempt from for username '' with an empty password!"

Do you have a solution meanwhile?

jonathanscholz-snd commented 3 months ago

Unfortunately not and we have no idea where to look.

jonathanscholz-snd commented 3 months ago

Hello again,

@h0Lz404 we found a solution for out problem: In the setup.typoscript when you configure the saml extension we had to remove every entry in the "databaseDefaults" section. It seems that in that section you can configure the default fields for new user in the database, so choose them only if you need them.

Hope this helps!

h0Lz404 commented 3 months ago

Thank you for your reply. We fixed our problem by adding the distinguishedname in the transformation array. Now the user can be found in the database and will be recognised during the login process.