dsmrt
commented
4 years ago Hello,
Interesting use case!
It would be nice to be able to set that a little easier so I'll put some thought into it but for now, you can override this using the following event: \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED
https://saml-sp.flipboxfactory.com/configure/events.html#list
I think you can do something like this:
Event::on(
\flipbox\saml\sp\services\messages\AuthnRequest::class,
\flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED,
function (Event $event) {
/** @var \SAML2\AuthnRequest $authNRequest */
$authNRequest = $event->data;
$authNRequest->setAssertionConsumerServiceURL(
sprintf(
"https://my-real-domain.com/%s/%s",
Saml::getInstance()->getSettings()->getEndpointPrefix(),
'login'
)
);
}
);For the second issue ... couple things ...
If the login is successful, you can ignore those errors. I have to loop through a list of possible algorithms to decrypt the assertion properly (see \flipbox\saml\core\helpers\SecurityHelper::decryptAssertion).
Also, we don't use the LightSaml library anymore. We are currently using simplesaml/saml2 core library.
Let me know if you have issues implementing the event.
rocknrolaf
We have a proxy setup where the Control Panel/Admin area runs on a different domain than the normal Frontend. So the AssertionConsumerServiceURL and the other urls in the metadata are wrong. Possibly this could be due to the usage of "UrlHelper::siteUrl(..." within flipboxfactory/saml-core/src/models/AbstractSettings.php
Is it maybe possible to configure the baseUrl separatly for these cases? Or use the url of the admin area?
Also (maybe its related to this) we currently have an issue. After logging in successfully at the ADFS the logs show this:
Maybe these are related: https://github.com/lightSAML/SpBundle/issues/30 https://github.com/lightSAML/lightSAML/issues/61
Any ideas/help on this would be awesome!
Cheers! Olaf