flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

Custom Attributes Not Working #177

Closed harispepic closed 2 years ago

harispepic commented 2 years ago

Hi all

Custom mapping does not work for me. I have done everything according to the instructions. It fetches all the default attributes, only not the user-specific ones.

[image]

I think the error is in the mapping area. If you inspect the element, it looks like this:

[image]

But I think the custom user fields should be fields[company], fields[costCenter].

With the SAML Chrome Panel plugin I get all the data I need.

Can you help me here?

Regards

dsmrt commented 2 years ago

It sounds like those values aren’t being set after login. If dev mode is on you should be able to see some logging showing what is happening there.

Can you check the logging? Search for the following string: [saml-

harispepic commented 2 years ago

I cleared the logs and ran a new test. This is the output:

2022-09-29 14:58:52 [web.INFO] [saml-core] Looping thru 1 role descriptors {"memory":22642720} 
2022-09-29 14:58:52 [web.INFO] [saml-core] Using Service method: getAssertionConsumerService {"memory":22643232} 
2022-09-29 14:58:52 [web.INFO] [saml-core] Signature valid and verified. {"memory":22901640} 
2022-09-29 14:58:52 [web.INFO] [saml-core] Looping thru 1 role descriptors {"memory":22948656} 
2022-09-29 14:58:52 [web.INFO] [saml-core] Using Service method: getAssertionConsumerService {"memory":22949168} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\NotBefore validation errors: [] {"memory":22962960} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\NotOnOrAfter validation errors: [] {"memory":22963656} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SessionNotOnOrAfter validation errors: [] {"memory":22964352} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationMethod validation errors: [] {"memory":22965048} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationNotBefore validation errors: [] {"memory":22965744} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationNotOnOrAfter validation errors: [] {"memory":22966440} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationRecipientMatches validation errors: [] {"memory":22967136} 
2022-09-29 14:58:52 [web.INFO] [saml-core] SAML2\Assertion\Validation\ConstraintValidator\SubjectConfirmationResponseToMatches validation errors: [] {"memory":22967832} 
2022-09-29 14:58:52 [web.INFO] [saml-core] Signature valid and verified. {"memory":22968208} 
2022-09-29 14:58:52 [web.INFO] [saml-core] flipbox\saml\sp\validators\SignedElement validation errors: [] {"memory":22968904} 
2022-09-29 14:58:52 [web.INFO] [saml-sp] firstName as Haris. Is Field? Nope {"memory":24649528} 
2022-09-29 14:58:52 [web.INFO] [saml-sp] lastName as Pepic. Is Field? Nope {"memory":24651376} 
2022-09-29 14:58:52 [web.INFO] [saml-sp] email as hp@hotmail.com. Is Field? Nope {"memory":24653272} 
2022-09-29 14:58:52 [web.INFO] [saml-sp] RelayState: https://it-kiosk.local/admin/dashboard {"memory":27579952} 

I think the error is in the mapping area. The name of the select field should be the same as the name of the custom user field.

dsmrt commented 2 years ago

@harispepic I did find an issue BUT I believe you might have something else going on here too.

The issue I found is that I had some extra validation based on whether the custom fields show in the $user->attributes() array result. It seems this no longer works that way. Content fields aren't shown in that list any longer. I removed that validation, and then it started working for me.

I don't see Cost Center or Company in your log output above so I think that the IdP isn't sending it. Could this be the case? You may want to check that.

This is the debug logging I see, now that things are working (with my patch):

2022-09-29 15:51:59 [web.DEBUG] [saml-sp] Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/company is scalar and should set value "Flipbox Digital" to user->company {"memory":4748016} 
2022-09-29 15:51:59 [web.INFO] [saml-sp] company as Flipbox Digital. Is Field? 5 {"memory":4748712} 

See version saml-sp 4.0.3 for the patch.

Let me know how this works!
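The check dsmrt does by eye above (which mapped attributes show up in the `[saml-sp]` log lines, and which do not) can be scripted. This is an added example, not part of the original comment and not the plugin's own code; the function names, the `SAMPLE_LOG` lines and the expected property names passed in are assumptions, with the line format taken from the log excerpts in this thread.

```python
import re

# Matches the per-attribute line as it appears in the thread's logs, e.g.
#   [saml-sp] company as Flipbox Digital. Is Field? 5 {"memory":...}
ATTR_LINE = re.compile(
    r"\[saml-sp\] (?P<name>\S+) as (?P<value>.*)\. Is Field\? (?P<field>\S+)"
)


def mapped_attributes(log_text):
    """Return {property: (value, 'Is Field?' marker)} for each mapping line."""
    found = {}
    for line in log_text.splitlines():
        m = ATTR_LINE.search(line)
        if m:
            found[m["name"]] = (m["value"], m["field"])
    return found


def missing_attributes(log_text, expected):
    """Expected user properties for which no mapping line was logged."""
    seen = mapped_attributes(log_text)
    return [name for name in expected if name not in seen]


# Constructed sample in the format of the excerpts above (values are made up).
SAMPLE_LOG = """\
2022-09-29 14:58:52 [web.INFO] [saml-core] Signature valid and verified. {"memory":1}
2022-09-29 14:58:52 [web.INFO] [saml-sp] firstName as Jane. Is Field? Nope {"memory":2}
2022-09-29 14:58:52 [web.INFO] [saml-sp] email as jane@example.com. Is Field? Nope {"memory":3}
2022-09-29 14:58:52 [web.INFO] [saml-sp] company as Example Corp. Is Field? 5 {"memory":4}
2022-09-29 14:58:52 [web.INFO] [saml-sp] RelayState: https://cms.example/admin/dashboard {"memory":5}
"""

if __name__ == "__main__":
    for name, (value, field) in mapped_attributes(SAMPLE_LOG).items():
        print(f"{name:<12} value={value!r:<22} Is Field? {field}")
    # Property names below are the ones discussed in the thread.
    print("missing:", missing_attributes(SAMPLE_LOG, ["company", "costCenter"]))
```

A name in the missing list only means no mapping line was logged for it; the thread names two possible causes, the IdP not sending the attribute and the validation that was removed in 4.0.3.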

harispepic commented 2 years ago

@dsmrt YOU are the best! It's working now with the update! 🎉🎉

Another question: how can I update the user attributes on SSO? Sometimes the Cost Center or other attributes are going to change.

dsmrt commented 2 years ago

@harispepic Thanks for the kind words and good catch!

As for your question, are you asking what happens when Cost Center field values change? Like user dsmrt starts with Cost Center = value1, then it changes to value2 (at a later time). In this case, all user attributes are saved/updated on each login. Whatever comes over in the SAML Response document is parsed at the time of login, then saved to the mapped fields on the Craft user.

Does that answer the question?

harispepic commented 2 years ago

Yes, that answers my question! Thank You!