cirrusidentity / simplesamlphp-module-authoauth2

OAuth2/OIDC Authentication module for SimpleSAMLphp
GNU Lesser General Public License v2.1

Authsource must be of type saml:SP #100

Open obdeijn opened 1 month ago

obdeijn commented 1 month ago

The README and the provided documentation in https://github.com/cirrusidentity/simplesamlphp-module-authoauth2/blob/master/docs/GOOGLE.md seem to suggest that you can configure an OAuth2 or OpenIDConnect provider directly in authsources.php. This is what we did when we were using SimpleSaml < 2.0 and it worked fine. When I try this now, when upgrading to SimpleSaml 2.3.0 and authoauth2 4.1.0, I get the following error:

SimpleSAML\Error\Exception: Authsource must be of type saml:SP

It seems that this is not an accepted way of configuring an IdP anymore. See also the discussion in https://github.com/simplesamlphp/simplesamlphp/issues/2143 and the documentation in https://simplesamlphp.org/docs/stable/simplesamlphp-sp.html

So it seems to me that the latest version of authoauth2 and the provided documentation are not compatible with SimpleSaml >= 2.0

pradtke commented 1 month ago

Hi @obdeijn,

We are using the module with SSP 2.3.0.
Perhaps you can provide more details on how you are using it?

obdeijn commented 4 weeks ago

Thanks for your reply @pradtke. I am using the Filesender project (https://github.com/filesender/filesender) which relies on SSP for authentication. I am running it in a Docker container. I have this in the Dockerfile to install the authoauth2 module:

    composer config --no-plugins allow-plugins.simplesamlphp/composer-module-installer true && \
    composer require cirrusidentity/simplesamlphp-module-authoauth2:v4.1.0 && \

In config/config.php of SSP I have this:

    'module.enable' => [
        'exampleauth' => false,
        'core' => true,
        'admin' => true,
        'authoauth2' => true
    ],

In config/authsources.php of SSP I have this:

    $auth = array(
        'authoauth2:OpenIDConnect',
        'issuer' => $oidcIssuer,
        'clientId' => $oidcClientId,
        'clientSecret' => $oidcClientSecret,
        'urlAuthorizeOptions' => array(
            'scope' => 'openid profile email',
        ),
    );

    $config = array(
        'admin' => array(
            'core:AdminPassword',
        ),
        'myAuthProvider' => $auth,
    );

Is this also how you do it, or am I missing something?

obdeijn commented 2 weeks ago

@pradtke have you had a chance to look into this?