search

chrodriguez / redmine_omniauth_saml

Plugins that adds SAML authentication support for "Redmine"
GNU General Public License v2.0
38 stars 57 forks source link

Almost there :-) #19

Closed gosforth closed 8 years ago

gosforth commented 8 years ago

SSO and Redmine are communicating finaly. But I have error:

I, [2016-10-07T14:44:09.934516 #24768]  INFO -- : Started GET "/auth/saml?origin=https%3A%2F%2Fhost%2F" for 21.15.7.3 at 2016-10-07 14:44:09 +0200
I, [2016-10-07T14:44:10.457142 #24768]  INFO -- : Started POST "/auth/saml/callback" for 21.15.7.3 at 2016-10-07 14:44:10 +0200
I, [2016-10-07T14:44:10.501476 #24768]  INFO -- : Processing by AccountController#login_with_saml_callback as HTML
I, [2016-10-07T14:44:10.501887 #24768]  INFO -- :   Parameters: {"SAMLResponse"=>"PHNhbWxwOlJlc3BOkF0dHJp...9uc2U+", "provider"=>"saml"}
I, [2016-10-07T14:44:10.504007 #24768]  INFO -- :   Current user: anonymous
W, [2016-10-07T14:44:10.507570 #24768]  WARN -- : WARNING: Can't mass-assign protected attributes for User: login
    plugins/redmine_omniauth_saml/lib/redmine_omniauth_saml/user_patch.rb:12:in `find_or_create_from_omniauth'
    plugins/redmine_omniauth_saml/lib/redmine_omniauth_saml/account_controller_patch.rb:32:in `login_with_saml_callback'
    lib/redmine/sudo_mode.rb:63:in `sudo_mode'
I, [2016-10-07T14:44:10.520688 #24768]  INFO -- : Completed 422 Unprocessable Entity in 19ms (ActiveRecord: 1.2ms)
F, [2016-10-07T14:44:10.522233 #24768] FATAL -- : 
ActiveRecord::RecordInvalid (Validation failed: Email cannot be blank, Login cannot be blank, First name cannot be blank, Last name cannot be blank):
  plugins/redmine_omniauth_saml/lib/redmine_omniauth_saml/user_patch.rb:17:in `find_or_create_from_omniauth'
  plugins/redmine_omniauth_saml/lib/redmine_omniauth_saml/account_controller_patch.rb:32:in `login_with_saml_callback'
  lib/redmine/sudo_mode.rb:63:in `sudo_mode'

Where to search for the solution; Redmine does not get needed attributes or mapping is wrong?

In config I have:

      :login      => 'extra.raw_info.username',
       :uid      => 'extra.raw_info.username',
      :firstname  => 'extra.raw_info.first_name',
      :lastname   => 'extra.raw_info.last_name',
      :mail       => 'extra.raw_info.email'

How to check if SSO response deliveres login, uid, mail, firstname, lastname, mail?

gosforth commented 8 years ago

This happens when I have option "Create users automatically?" on. When it is off I get message in browser:

translation missing: en-GB.notice_account_invalid_creditentials. You may want to close SSO session before trying an other username.

or in log:

Failed login for 'XXXX' from ....

gosforth commented 8 years ago

OK, works - u can close this

rozmarbeka commented 8 years ago

@gosforth Could you tell me what was the attribute mapping which is worked for you? In my config the keys are attributes coming from SSO and the values are the variable names on Redmine side. Am I right?