chrodriguez / redmine_omniauth_saml

Plugin that adds SAML authentication support for Redmine
GNU General Public License v2.0

OmniAuth SAML plugin issue #2

Closed SaubhagyaW closed 8 years ago

SaubhagyaW commented 9 years ago

I've been using your OmniAuth SAML plugin for Redmine SSO provisioning with an IDP. Redmine version - 2.6.0, Ruby version - 1.9.3, Rails version - 3.2.19.

When a login request is sent, it redirects to the IDP and the session is also created, but I'm getting a "422 - Invalid form authenticity token" error. I've attached a screenshot of the error below. [screenshot: redmine error 422]

This is the SAML Request:

GET https://localhost:9443/samlsso?SAMLRequest=nZFNb4JAEIb%2FCrc9IQuCyERIiNiERE2jtodemhWHSLLs0p2lH%2F%2B%2BiGmih%2FbQ%0A6%2BR55p2PBYlWdpD39qx2%2BNYjWScnQmMbrZZaUd%2Bi2aN5byp82q1Tdra2A8%2BT%0AuhLyrMnClHPOnGIQGyUu1pWhOygJw6l3iSLSzCmLlL3WceD7Uc1dwWPf5f40%0AcGfzY%2BDycF7PkmOVJCgGlKjHUpEVyqYs4H7k8sAN4gOPIJxBFL8w5xkNjbnB%0AZJjks5WKYFwrZb1RoAU1BEq0SGAr2OebNQwkdEZbXWnJssWFhjHK3Ph%2F6%2BLn%0ASizbrYpNuV0tvJs%2B16YdbAexLB61bKovJ5dSfywNCosps6ZH5jxo0wr7e5Q%2F%0A8cdKc3LrEQVsRSPz08kg0X%2FW9bLroPdfz74B%0A HTTP/1.1

SAML Response from IDP:

<saml2p:Response Destination="http://localhost:3000" ID="mocookobpeaobaongefdhldahiohlfahimomhljf" InResponseTo="_f72115f0-a071-0132-68b2-048f69bc99ea" IssueInstant="2015-02-27T05:47:03.059Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">localhost</saml2:Issuer>
  <saml2p:Status>...</saml2p:Status>
  <saml2:Assertion ID="fcogdnmhdbibbpgaapafkkcenibihahpfpnofcao" IssueInstant="2015-02-27T05:47:03.059Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml2:Issuer>localhost</saml2:Issuer>
    <saml2:Subject>
      <saml2:NameID>admina</saml2:NameID>
      <saml2:SubjectConfirmation>...</saml2:SubjectConfirmation>
    </saml2:Subject>

Rails back log:

Started POST "/" for 127.0.0.1 at 2015-02-27 10:40:03 +0530
Processing by WelcomeController#index as HTML
  Parameters: {"SAMLResponse"=>"[base64 SAMLResponse value omitted]", "RelayState"=>"null"}
WARNING: Can't verify CSRF token authenticity
  AnonymousUser Load (0.1ms) SELECT users.* FROM users WHERE users.type IN ('AnonymousUser') LIMIT 1
  Rendered common/error.html.erb within layouts/base (0.3ms)
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 422 Unprocessable Entity in 30.0ms (Views: 21.6ms | ActiveRecord: 0.1ms)

Rails back log says "AnonymousUser Load (0.1ms) SELECT users.* FROM users WHERE users.type IN ('AnonymousUser') LIMIT 1" and a user with type Anonymous is auto-created when trying to log in. I've attached a screenshot of the MySQL database table too. [screenshot: redmine users mysql table]

Would you please be kind enough to look into this issue?

chrodriguez commented 9 years ago

Do you still have this issue? I've just updated this plugin to work with Redmine 3 and it doesn't show this message. I remember it didn't show in 2.6 either.

If it is still happening, I can replicate the installation with the exact version you are using: Redmine 2.6.0, Ruby version - 1.9.3, Rails version - 3.2.19.

Sorry for my late response.

mattfirtion commented 9 years ago

Did you ever get past this issue? I'm running into the same problem with 2.5.2.stable.

SaubhagyaW commented 9 years ago

I tried your plugin for RM 3.0 as well about 2 months ago and it didn't work. Maybe you fixed it recently.

So I used a different plugin for my integration.

chrodriguez commented 9 years ago

Yes, I've updated the code 13 days ago. Now there are two branches: one for redmine-2 and another for redmine-3.

We are using it at our organization without problems.

migumun commented 4 years ago

Hi @chrodriguez , I have installed Redmine 4.1.0 together with your plugin (using master branch, latest commit at time of writing) and I see this error again. I can't make the plugin work.

Is it supposed to be fixed and work for RM 4.1.0 as well?

Thanks.

jjarav commented 3 years ago

Hi @chrodriguez, I have installed version 4.1.1.stable and your plugin works almost perfectly. I only receive the same 422 error when I log out.

Redmine version 4.1.1.stable
Ruby version 2.6.6-p146 (2020-03-31) [x86_64-linux]
Rails version 5.2.4.2

Login works perfectly. Logout closes the session on the IdP, but the Redmine session doesn't close. The log says this:

redmine_1 | 172.18.0.1 - - [20/Nov/2020:23:57:05 UTC] "POST /logout HTTP/1.1" 302 603
redmine_1 | http://redminelocal:8080/admin/info -> /logout
redmine_1 | 172.18.0.1 - - [20/Nov/2020:23:57:09 UTC] "POST /auth/saml/sls HTTP/1.1" 422 2786
redmine_1 | - -> /auth/saml/sls

Please, let me know if you can help me. Can I turn on some log? Thanks in advance.
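Both 422s in this thread come from an IdP POSTing a SAML message to a Redmine URL whose controller still runs Rails' CSRF check (the root "/" in the first report, /auth/saml/sls in the last). The example below is added here and is not the plugin's or Redmine's code: it takes a SAML Response shaped like the one quoted above (Status contents constructed) and checks that its Destination is the endpoint that actually received it and that it answers a request the SP issued, the two attributes an SP should verify before trusting the message regardless of how the CSRF filter is configured. The callback path /auth/saml/callback and the pending request ID are assumptions for the sample.

```ruby
require 'rexml/document'

NS = { 'saml2p' => 'urn:oasis:names:tc:SAML:2.0:protocol' }.freeze
SUCCESS = 'urn:oasis:names:tc:SAML:2.0:status:Success'

# Constructed sample shaped like the SAML Response quoted in the thread:
# the IdP addresses it to the Redmine root, not to the plugin callback.
SAMPLE_RESPONSE = <<~XML
  <saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
      xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
      Destination="http://localhost:3000"
      ID="mocookobpeaobaongefdhldahiohlfahimomhljf"
      InResponseTo="_f72115f0-a071-0132-68b2-048f69bc99ea"
      IssueInstant="2015-02-27T05:47:03.059Z" Version="2.0">
    <saml2:Issuer>localhost</saml2:Issuer>
    <saml2p:Status>
      <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
  </saml2p:Response>
XML

# Checks a SAML Response against the endpoint that received it and the
# AuthnRequest ID the SP issued. Returns a list of problems; an empty
# list means the message is addressed to us and answers our request.
# Signature verification is out of scope here and must run before this.
def check_saml_response(xml, received_at:, pending_request_id:)
  root = REXML::Document.new(xml).root
  return ["unexpected root element #{root&.expanded_name}"] unless root&.name == 'Response'

  problems = []
  dest = root.attributes['Destination']
  if dest.nil?
    problems << 'Destination attribute missing'
  elsif dest != received_at
    problems << "Destination #{dest} does not match receiving endpoint #{received_at}"
  end

  in_response_to = root.attributes['InResponseTo']
  if in_response_to.nil?
    problems << 'unsolicited response (no InResponseTo)'
  elsif in_response_to != pending_request_id
    problems << "InResponseTo #{in_response_to} matches no pending request"
  end

  code = REXML::XPath.first(root, 'saml2p:Status/saml2p:StatusCode', NS)
  problems << 'status is not Success' unless code && code.attributes['Value'] == SUCCESS
  problems
end
```

Run against the sample with received_at set to the callback URL, the only finding is the Destination mismatch, which is the misconfiguration to fix on the IdP side rather than something to paper over by disabling verify_authenticity_token globally.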