Closed rocknrolaf closed 4 years ago
Hello,
Interesting use case!
It would be nice to be able to set that a little easier so I'll put some thought into it but for now, you can override this using the following event: \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED
https://saml-sp.flipboxfactory.com/configure/events.html#list
I think you can do something like this:
```php
use yii\base\Event;
use flipbox\saml\sp\Saml; // plugin class (namespace assumed, not shown in this thread)

Event::on(
    \flipbox\saml\sp\services\messages\AuthnRequest::class,
    \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED,
    function (Event $event) {
        /** @var \SAML2\AuthnRequest $authNRequest */
        $authNRequest = $event->data;
        // Point the ACS URL at the public (proxied) domain instead of the site URL.
        $authNRequest->setAssertionConsumerServiceURL(
            sprintf(
                "https://my-real-domain.com/%s/%s",
                Saml::getInstance()->getSettings()->getEndpointPrefix(),
                'login'
            )
        );
    }
);
```
For the second issue ... a couple of things ...
If the login is successful, you can ignore those errors. I have to loop through a list of possible algorithms to decrypt the assertion properly (see \flipbox\saml\core\helpers\SecurityHelper::decryptAssertion).
Also, we don't use the LightSaml library anymore. We are currently using the simplesaml/saml2 core library.
Let me know if you have issues implementing the event.
Hi @dsmrt ,
thanks for the quick response! The event gives me the following error:
Error: Call to a member function setAssertionConsumerServiceURL() on null
Seems like the AuthnRequest is empty...
Ok ... let me take a look at that and get back to you.
Pushed out a new version 2.4.0
The event will now look more like this:
```php
use yii\base\Event;
use flipbox\saml\sp\Saml; // plugin class (namespace assumed, not shown in this thread)

Event::on(
    \flipbox\saml\sp\services\messages\AuthnRequest::class,
    \flipbox\saml\sp\services\messages\AuthnRequest::EVENT_AFTER_MESSAGE_CREATED,
    function (\flipbox\saml\sp\events\AuthnRequest $event) {
        // Since 2.4.0 the created \SAML2\AuthnRequest is exposed as $event->message.
        $authNRequest = $event->message;
        $authNRequest->setAssertionConsumerServiceURL(
            sprintf(
                "https://my-real-domain.com/%s/%s",
                Saml::getInstance()->getSettings()->getEndpointPrefix(),
                'login'
            )
        );
    }
);
```
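The same 2.4.0 event hook, as an added example that is not part of the thread or the plugin: instead of hard-coding the public domain, the ACS base URL is read from configuration and checked against an allowlist of hosts before it is written into the AuthnRequest, so a missing or unexpected value leaves the plugin's default in place rather than sending assertions to a wrong host. The environment variable name and the allowlist values are hypothetical; the event and message API is the one shown above.

```php
<?php
use yii\base\Event;
use flipbox\saml\sp\Saml;                                    // plugin class (assumed namespace)
use flipbox\saml\sp\services\messages\AuthnRequest;
use flipbox\saml\sp\events\AuthnRequest as AuthnRequestEvent;

/** Hosts allowed in an AssertionConsumerServiceURL (constructed sample values). */
const SAML_ACS_ALLOWED_HOSTS = ['my-real-domain.com', 'admin.my-real-domain.com'];

/**
 * Build the ACS URL from a configured base URL, or return null when the value is
 * missing, not https, or its host is not allowlisted. Kept pure so it can be unit tested.
 */
function buildAcsUrl(?string $baseUrl, string $endpointPrefix, array $allowedHosts): ?string
{
    if ($baseUrl === null || $baseUrl === '') {
        return null;
    }
    $parts = parse_url($baseUrl);
    if (!is_array($parts) || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        return null;                                         // reject http:// and malformed values
    }
    $host = strtolower($parts['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return null;                                         // unknown host: never route assertions there
    }
    $base = 'https://' . $host . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return sprintf('%s/%s/%s', $base, trim($endpointPrefix, '/'), 'login');
}

Event::on(
    AuthnRequest::class,
    AuthnRequest::EVENT_AFTER_MESSAGE_CREATED,
    function (AuthnRequestEvent $event) {
        $acs = buildAcsUrl(
            getenv('SAML_SP_PUBLIC_BASE_URL') ?: null,       // hypothetical env var set on the proxied host
            Saml::getInstance()->getSettings()->getEndpointPrefix(),
            SAML_ACS_ALLOWED_HOSTS
        );
        if ($acs === null) {
            // Keep the plugin's default rather than emit a request carrying a bad ACS URL.
            Craft::warning('SAML_SP_PUBLIC_BASE_URL unset or not allowlisted; ACS URL not overridden', __METHOD__);
            return;
        }
        $event->message->setAssertionConsumerServiceURL($acs);
    }
);
```

The SP metadata published to the IdP must list the same ACS URL, otherwise ADFS will reject the response even though the request now carries the right endpoint.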
@dsmrt sorry for the late response, but it works fine! Thank you for the update!
We have a proxy setup where the Control Panel/Admin area runs on a different domain than the normal Frontend. So the AssertionConsumerServiceURL and the other URLs in the metadata are wrong. Possibly this could be due to the usage of "UrlHelper::siteUrl(..." within flipboxfactory/saml-core/src/models/AbstractSettings.php
Is it maybe possible to configure the baseUrl separately for these cases? Or use the URL of the admin area?
Also (maybe it's related to this) we currently have an issue. After logging in successfully at the ADFS the logs show this:
Maybe these are related: https://github.com/lightSAML/SpBundle/issues/30 https://github.com/lightSAML/lightSAML/issues/61
Any ideas/help on this would be awesome!
Cheers! Olaf