Closed pixelfantasy closed 3 years ago
I think i figured something out. The problem lies in the new security feature of symfony 5.1 or maybe the implementation of it. I am using 2 different authenticators and because of this i added 2 user-providers.
providers:
app_db_provider:
entity:
class: 'App\Entity\AppUser'
property: username
manager_name: default
saml_provider:
saml:
user_class: 'App\Entity\AppUser'
default_roles: ['ROLE_MYLINKS_USER']
The second user-provider matches your documentation. But now I added app_db_provider instead of saml_provider to my saml-firewall as provider and now it works! User-data now is persisted and even the second error of trying to write duplicate entries to database of already existing user-entry is gone. So i am coming to the conclusing that the implementation of the new symfony security feature is buggy.
@pixelfantasy hello.
SamlUserProvider was never deprecated and is using in case when you only need to instantiate a user object. If you need to persist a user, you can use saml.user_factory
option (see https://github.com/hslavich/OneloginSamlBundle#just-in-time-user-provisioning-optional for details).
I've come across the same issue as @pixelfantasy while on Symfony 5.1.6, and the same solution worked.
SamlUserProvider was never deprecated and is using in case when you only need to instantiate a user object. If you need to persist a user, you can use
saml.user_factory
option (see https://github.com/hslavich/OneloginSamlBundle#just-in-time-user-provisioning-optional for details).
@a-menshchikov even following the documentation I was still ending up with an empty user and nothing persisted to the database. Using an entity provider instead of a SAML provider, however, works and users are properly persisted and appear to be SAML authenticated.
@crbanman thank you for comment. Yes, you are right (I made mistake in the previous message). Usage of SamlUserProvider prevent user persistence and in case when you need it you should use any user provider that will throw UsernameNotFoundException (EntityUserProvider e.g.).
I will be grateful if you propose PR to readme that better explains this logic.
Hello, i am using this bundle in my project and by now i am able to authenticate properly with my idp through saml. But i soon recognized, that my user is never persisted to database and started investigating. My actual application setup is:
The problem seems to be located in the SamlUserProvider.php
` public function __construct($userClass, array $defaultRoles) { $this->userClass = $userClass; $this->defaultRoles = $defaultRoles; }
` The loadUserByUsername() function always generates an empty user-object instead of trying to load the user from database as expected. This leads to the following problem in the SamlAuthenticator.php in the createPassport() function, which is responsible for persisting the new users and checking if user object already exists in database.
` protected function createPassport(): PassportInterface { $attributes = $this->extractAttributes(); dump($attributes); $username = $this->extractUsername($attributes); dump($username);
` Am i missing something? Only by adding my workaround in the vendor-directory i could get it working. But maybe only the documentation is not up-to-date and some class-implementation is missing? I already recognized that the usage of SamlUserProvider.php is marked as deprecated in the service.php. Any help would be appreciated :-)