edgardmessias / glpi-singlesignon

GNU General Public License v3.0

Connexion not possible with WSO2 Identity Server #38

Open Ketchup31 opened 2 years ago

Ketchup31 commented 2 years ago

Hi,

I have been trying for a few days to set up SSO for my GLPI instance, but with no success.

  1. Login with SSO
  2. WSO2 login form is displayed
  3. consent for scope is displayed (I select all and confirm)
  4. Then the GLPI page appears saying that the user is not allowed to connect to GLPI.

Is it possible to activate detailed logging to help with debugging, in order to see all exchanges between the IDP and the plugin? If yes, how, and where are the log files (in /_log)? Do I need to set up specific claims in my IDP? If yes, can you advise me which ones?

Thank you for your support.

Best regards. Pascal

Configuration is hereunder: for GLPI: image

for the plugin: image

STEP 1 image

STEP 2 image

STEP 3 image

STEP 4 The messages say:
Warning: No data available on site /var/www/html/glpi/src/Toolbox.php on line 1427 User not allowed to connect to GLPI

image

edgardmessias commented 2 years ago

In the config page you can use the test button, that will display detailed information about the login.

The second thing is: you must have a GLPI user with the same login or email.

Ketchup31 commented 2 years ago

Dear Edgar,

Thank you for your quick response.

I cannot use the test button as I am behind a reverse proxy, and in that case the $url value is set with the port used by the reverse proxy (8004) and not the 443 used to reach GLPI from a public IP (via Internet).

So to have an idea about my implementation:


      From Internet                             Reverse proxy                   SingleSignOn plugin
      https://<myURL>  ======================> http://<myURL>:8004  ===============>  <myURL>:8004

So when I click on the test button, I get an error message saying that there is a mismatch between the callback URL declared in my IDP, which is https://<myURL>/plugins/singlesignon/front/callback.php/provider/1, and the one from the plugin, which is https://<myURL>/plugins/singlesignon/front/callback.php/provider/1/test/1.

In order to have the plugin working for me, I have commented out the following lines in the provider.class.php file.

      if ($port != "80" && $port != "443") {
         $baseURL .= ":" . $_SERVER["SERVER_PORT"];
      }

I have a user already created in GLPI with the same login and email.

Any idea how to make the test button work for me? What values can I set in the field "Extra Options"?

Thank you.

Mr-EJ commented 1 year ago

The test callback URI is different from the production callback URI; you need to add the test callback URI "/test/1" to the IDP for the test to succeed.
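
The reverse-proxy port mismatch and the two callback URIs discussed in this thread, as an added example that is not the plugin's code and not from any participant. It assumes the proxy sets `X-Forwarded-Proto` and `X-Forwarded-Host`; the function names, the proxy address `10.0.0.5` and the host `glpi.example.org` are hypothetical.

```php
<?php
// Added example, not the plugin's code. Function names, the proxy address and
// the sample request are assumptions made for illustration.

// Derive the public base URL. X-Forwarded-* headers are honoured only when the
// direct peer is a known reverse proxy; otherwise any client could spoof them
// and steer the OAuth redirect_uri.
function externalBaseUrl(array $server, array $trustedProxies): string
{
    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';
    $host   = $server['SERVER_NAME'] ?? 'localhost';
    $port   = (int) ($server['SERVER_PORT'] ?? ($https ? 443 : 80));

    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        $proto = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? $scheme);
        if ($proto === 'http' || $proto === 'https') {
            $scheme = $proto;
        }
        $host = $server['HTTP_X_FORWARDED_HOST'] ?? $host;
        // Assumption: without X-Forwarded-Port the proxy listens on the default port.
        $port = (int) ($server['HTTP_X_FORWARDED_PORT'] ?? ($scheme === 'https' ? 443 : 80));
    }
    if (!preg_match('/^[A-Za-z0-9.-]+$/', $host)) {
        throw new InvalidArgumentException('Unexpected host value');
    }
    $default = ($scheme === 'https') ? 443 : 80;
    return $scheme . '://' . $host . ($port !== $default ? ':' . $port : '');
}

// Both redirect URIs that have to be registered at the IdP for one provider.
function callbackUris(string $baseUrl, int $id): array
{
    $prod = $baseUrl . '/plugins/singlesignon/front/callback.php/provider/' . $id;
    return ['production' => $prod, 'test' => $prod . '/test/1'];
}

// Constructed request as the backend sees it behind the proxy on port 8004.
$behindProxy = [
    'SERVER_NAME' => 'glpi.example.org', 'SERVER_PORT' => '8004',
    'REMOTE_ADDR' => '10.0.0.5',
    'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_X_FORWARDED_HOST' => 'glpi.example.org',
];
print_r(callbackUris(externalBaseUrl($behindProxy, ['10.0.0.5']), 1));
// Same request with no trusted proxy configured: forwarded headers are ignored.
print_r(callbackUris(externalBaseUrl($behindProxy, []), 1));
```

The IdP compares the redirect URI as an exact string, so the scheme, host, port and the `/test/1` suffix all have to match what is registered.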