search

ecphp / cas-bundle

CAS Bundle, a standard Symfony bundle for authentication using CAS protocol.
https://ecphp-cas-bundle.readthedocs.io
BSD 3-Clause "New" or "Revised" License
43 stars 9 forks source link

External EC users can't authenticate #26

Closed migratis closed 3 years ago

migratis commented 4 years ago

Only internal users of the commission can be authenticated, when you are an external user (SELF_REGISTERED) you get this response from the EULogin servers :

"response" => "{"serviceResponse":{"authenticationFailure":{"@value":"Invalid user: \"n002a0t6\" belongs to \"SELF_REGISTERED\" users while application accepts only \"INTERNAL\" users or users with higher assurance levels","@attributes":{"code":"INVALID_USER"}},"@attributes":{"server":"EU Login PRODUCTION_GENESIS version 8.0.2.33926 - 07\/09\/2020 - 15:00","date":"2020-10-06T17:33:05.885+02:00","version":"5.8"}}}"

it looks like we miss the assuranceLevel Parameter to allow such authentication.

Steps required to reproduce the problem

  1. Registered to EULogin with a new user
  2. Authenticate to a symfony app using cas-bundle

Expected Result

Authentication success

Actual Result

Authentication failure

drupol commented 4 years ago

Hello,

For the authentication against ECAS/EULogin, I would suggest you to use the package ecphp/eu-login-bundle.

Then, you are free to edit/alter the default provided configuration with any parameter that you want. As of today, the assuranceLevel parameter is not set, but it might be soon included, see https://github.com/ecphp/eu-login-bundle/pull/1

Regards.

drupol commented 3 years ago

Dear @migratis ,

Do you have any new feedback on this?

Thanks.

migratis commented 3 years ago

To fix this issue, in the configuration file cas_bundle.yaml add this : cas: ... protocol: ... serviceValidate: allowed_parameters: ...