dmirandaa / moodle-auth_saml2sso

Moodle plugin for authentication using a SimpleSAMLphp Service Provider
https://moodle.org/plugins/auth_saml2sso

Loop back to the IdP home page #39

Closed lghinelli-git closed 4 years ago

lghinelli-git commented 4 years ago

Describe the bug

If I use the SimpleSAMLphp test, everything works fine and I can see the user attributes; vice versa, if I use the Moodle page, after authentication, which is successful, I loop back to the IdP home page.

mfprimo commented 4 years ago

Hi, thank you for the report.

The SimpleSAMLphp test page is the one under the "Test authentication sources" tab? Can you report the Moodle saml plugin config?

lghinelli-git commented 4 years ago

Hello Marco, yes, the SimpleSAMLphp test page is the one under the "Test authentication sources" tab and it works fine.

Moodle saml plugin config

SimpleSAMLphp library path: /var/simplesamlphp/
SP auth source name: Lepida
Single Sign Off: No
Logout URL: Empty
Username attribute: emailAddressPersonale
Username checking: Email address
Auto create users: Yes (or No, nothing changes)
Dual login: Yes
No Users sync
SAML attributes and user profile: Nothing set

Test authentication settings - SAML2 SSO Auth
SimpleSAMLphp version is 1.19.0-rc1
It seems SimpleSAMLphp uses default PHP session storage, it could be troublesome: switch to another store.type in config.php
Everything seems ok

lghinelli-git commented 4 years ago

Hello Marco, I used the SAML DevTools extension to debug what happens. After the POST, both:

Request URL: https://vmmoodlesp.greenteam.online/simplesaml/module.php/saml/sp/saml2-acs.php/Lepida
Request Method: POST
Status Code: 303 See Other

SimpleSAMLphp:
Request URL: https://vmmoodlesp.greenteam.online/simplesaml/module.php/core/authenticate.php?as=Lepida
Request Method: GET
Status Code: 200 OK

auth_saml2sso:
Request URL: https://vmmoodlesp.greenteam.online/moodle2/login/index.php?saml=on
Request Method: GET
Status Code: 302 Found
Location: https://federatest.lepida.it/gw/SSOProxy/SAML2?xxxxxxxxx

Does it help?

mfprimo commented 4 years ago

Sorry for the delay. I couldn't replicate the problem, I suspect it is a session-related issue. Try to replace the session handler of SimpleSAMLphp with something other than phpsession.

lghinelli-git commented 4 years ago

Thanks, I'll try changing the session handler in the meantime.

lghinelli-git commented 4 years ago

SOLVED! In /var/simplesamlphp/config/config.php, I changed store.type from 'phpsession' to 'memcache'. Now during the logon session a debug message appears: 'There is no valid e-mail address from Identity Provider'. I changed the setting 'Allow empty email' from 'No' to 'Yes' and now I can log in to Moodle using the SAML IdP.
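
The redirect pattern in the trace posted earlier in this thread (assertion accepted at the ACS endpoint, then the application sends the browser to the IdP again) can be checked mechanically over an exported request list. The following is an added example, not code from the plugin or from anyone in the thread; the hop dictionary layout, the function name and the `example.test` hosts are assumptions, and the sample traces are constructed to mirror the two flows reported above.

```python
from urllib.parse import urlsplit

ACS_MARKER = "/saml/sp/saml2-acs.php"  # SimpleSAMLphp ACS path as seen in the thread


def find_sso_loops(hops):
    """Return hops where the SP host redirects to another host (the IdP)
    although an assertion was already accepted at the ACS endpoint.

    hops: dicts with url, method, status and optional location, in the
    order the browser issued the requests (hypothetical layout).
    """
    loops = []
    sp_host = None  # host whose ACS endpoint accepted the assertion
    for hop in hops:
        url = urlsplit(hop["url"])
        redirect = 300 <= hop["status"] < 400
        if hop["method"] == "POST" and ACS_MARKER in url.path:
            # A redirect answer to the ACS POST means the SP consumed the assertion.
            sp_host = url.hostname if redirect else None
            continue
        if sp_host is None or url.hostname != sp_host:
            continue
        target = urlsplit(hop.get("location") or "").hostname
        # Relative Location headers have no hostname and stay on the SP.
        if redirect and target and target != sp_host:
            loops.append(hop)
    return loops


# Constructed traces; hosts are placeholders, paths follow the thread.
ACS_POST = {"url": "https://sp.example.test/simplesaml/module.php"
                   "/saml/sp/saml2-acs.php/Lepida",
            "method": "POST", "status": 303}
TEST_PAGE_TRACE = [ACS_POST, {
    "url": "https://sp.example.test/simplesaml/module.php"
           "/core/authenticate.php?as=Lepida",
    "method": "GET", "status": 200}]
MOODLE_TRACE = [ACS_POST, {
    "url": "https://sp.example.test/moodle2/login/index.php?saml=on",
    "method": "GET", "status": 302,
    "location": "https://idp.example.test/sso?xxxxxxxxx"}]

if __name__ == "__main__":
    for name, trace in (("test page", TEST_PAGE_TRACE), ("moodle", MOODLE_TRACE)):
        print(name, [hop["url"] for hop in find_sso_loops(trace)])
```

A hit is a pointer to check whether the application and SimpleSAMLphp share session state (the `store.type` setting discussed above), not proof on its own, since a legitimate post-login redirect to another host matches the same pattern.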