flipboxfactory / saml-sp

SAML Service Provider (SP) Plugin for Craft CMS
https://saml-sp.flipboxfactory.com/

Redirect on saml login #198

Closed SETU-WEB closed 7 months ago

SETU-WEB commented 10 months ago

Hi, hope you could give me some guidance on how to redirect on SAML login. I am using the user directory as a staff profile facility with custom fields, and I want to redirect users to /admin/myaccount?site=default on login. I tried this in my saml.sp.php config but it didn't work:

// Inside /config/saml-sp.php
use flipbox\saml\sp\controllers\LoginController;
use flipbox\saml\sp\events\RelayState;
use yii\base\Event;

return [
    // Other SAML SP configuration settings...

    // Event handling configuration
    'on beforeRelayStateRedirect' => function ($event) {
        Event::on(
            LoginController::class,
            LoginController::EVENT_BEFORE_RELAYSTATE_REDIRECT,
            function (RelayState $event) {
                // Modify the redirect URL
                $event->redirect = $event->redirect. '/admin/myaccount?site=default&logged-in-via=sso';

                // Log information for debugging or tracking
                \flipbox\saml\sp\Saml::info('Raw RelayState: ' . $event->relayState);
                \flipbox\saml\sp\Saml::info('User will be redirected to: ' . $event->redirect);

                // Other information related to the SSO event
                \flipbox\saml\sp\Saml::info('IdP: ' . $event->idp->getEntityId());
                \flipbox\saml\sp\Saml::info('SP: ' . $event->sp->getEntityId());
            }
        );
    },
];

Any help is very appreciated.

dsmrt commented 10 months ago

👋 @WITwebmaster ,

If you need to make it an event, use the guide here to implement the event within a custom module. I'm not familiar with the syntax you are using ('on <eventName>') within Craft. This is how I do it: https://craftcms.com/knowledge-base/custom-module-events

Also, depending on your use case, there could be simpler ways to achieve this. Is this static, like it never changes?

NOTE (on my notes): here is an example of how to base64 the string you referenced above and what the GET param should look like when it's sent back to Craft:

echo "/admin/myaccount?site=default" | base64

Which should ultimately look like the following: RelayState=L2FkbWluL215YWNjb3VudD9zaXRlPWRlZmF1bHQK

SETU-WEB commented 10 months ago

Hi, thanks for such a comprehensive answer. I think adding the relay state is the best way to go, and I have talked to our IT dept about it. They have done relaystate before on other Azure SAML setups, but they have always used a simple URL. They want to know if there is any reason why it needs to be base64, as they have tried L2FkbWluL215YWNjb3VudD9zaXRlPWRlZmF1bHQK and it doesn't work. Thanks

dsmrt commented 10 months ago

The plugin expects it to be base64. This is common with relaystate and other SAML GET-parameter-based messages to avoid encoding issues in the URL. There is a config in the saml-sp.php that you can set to tell it to accept non-base64’d strings if desired.

I’d also recommend seeing what the logging says. If it’s not working as a base64 string, something is wrong in the process, and there is logging around relaystate.
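
Added example, not part of the thread or of the plugin's code: shell helpers (hypothetical names) that build the base64 RelayState discussed above with `printf`, since the `echo` form appends a newline that ends up inside the encoded value (the trailing `K` in the string quoted above), and that accept a received value only when it decodes to a site-local path. It assumes GNU `base64`; how the plugin itself handles the newline or validates the redirect target is not stated in this thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of the saml-sp plugin.
# Assumes GNU coreutils base64 (-d to decode).

# Encode a path for use as a RelayState value. printf '%s' writes no trailing
# newline; `echo` appends one, and it ends up inside the encoded value.
encode_relay_state() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a RelayState value and print it only when it is a site-local path.
# Prints nothing and returns 1 for anything else.
decode_local_relay_state() {
    nl='
'
    # Only the standard base64 alphabet is accepted.
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
    esac
    # The 'x' sentinel keeps $(...) from silently dropping trailing newlines.
    decoded=$(printf '%s' "$1" | base64 -d 2>/dev/null && printf 'x') || return 1
    decoded=${decoded%x}
    # Design choice: tolerate trailing newlines left by an echo-based encoder.
    while [ "${decoded%"$nl"}" != "$decoded" ]; do
        decoded=${decoded%"$nl"}
    done
    # Any remaining control character (CR, LF, ...) is rejected.
    [ "$(printf '%s' "$decoded" | tr -d '[:cntrl:]')" = "$decoded" ] || return 1
    case "$decoded" in
        //*|*\\*) return 1 ;;   # protocol-relative URL or backslash trick
        /*) ;;                  # a single leading slash: path on this site
        *) return 1 ;;          # absolute URL, bare host, or empty value
    esac
    printf '%s\n' "$decoded"
}
```
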

SETU-WEB commented 10 months ago

Great, thanks for the feedback. I am meeting the IT guys on Monday, so I will pass on your answer and hopefully get it sorted.

SETU-WEB commented 7 months ago

Sorry, I forgot to close this one. In the end, as my URL will never change, I went with the approach of taking the link button URL and changing the final segment to point to the user page. I created a redirect called sitename/staffprofile and pointed it to that URL, and it all works nicely. Thanks for the help.