jeffwils / grails-spring-security-saml

Grails Spring Security SAML2.0 Plugin for Grails 3

Get username from SAML 2 Issue #29

Closed ali-mansoor closed 5 years ago

ali-mansoor commented 6 years ago

I don't know whether it is a configuration issue. I am trying to integrate the plugins below:

Grails 3.3.3

    compile "org.grails.plugins:spring-security-core:3.2.1"
    compile "org.grails.plugins:spring-security-saml:3.3.0"
    compile "org.grails.plugins:spring-security-ui:3.1.2"

After configuring, I was able to authenticate and send the response from the IDP to the Grails application, but I now see a problem while getting the value from the response. The value from the code below is encrypted, I guess, due to which it is not able to get the User domain from my database, as the table contains the raw username: "return credential.nameID?.value"

Could you suggest? Help me to get the log?

I am using Shibboleth SAML 2.

Below error log:

    13:01:57.219 [http-nio-8080-exec-2] INFO o.o.c.b.s.SAMLProtocolMessageXMLSignatureSecurityPolicyRule - SAML protocol message was not signed, skipping XML signature processing
    13:02:06.559 [http-nio-8080-exec-2] ERROR o.a.c.c.C.[.[.[.[grailsDispatcherServlet] - Servlet.service() for servlet [grailsDispatcherServlet] in context with path [] threw exception
    java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor

irstevenson commented 6 years ago

Hi @ali-mansoor ,

I'm having a little trouble reading the above, so could you please confirm:

  1. By 'using Shibboleth SAML 2' do you mean you have a Shibboleth Identity Provider installed providing SAML 2 support? If so, what version, and are you the admin of this server? (Note: I actually test this and my own SAML app against a Shibboleth IdP 3.3.2 server in a vagrant box.)
  2. Have you confirmed (with something else, for example the Spring Security SAML Extension Sample App) that your IdP is working and returning the attributes you're after?
  3. Also, it looks like in your metadata (not sure which - IdP or SP) you've requested that responses are signed - if that's not your wish you can remove to simplify.

If you can let me know the above that should help us help you. Also, I'm not sure how this fits with your other issue (#28), but seeing this is newer I'll assume this is your immediate concern - and obviously might be related once we get past config.

Also, if you want to simply increase logging, use your normal logback config with org.grails.plugin.springsecurity.saml package.

Cheers.

ali-mansoor commented 6 years ago

Thanks for the reply.

Maybe I misconfigured it.

I have installed Shibboleth Identity Provider 2.4.2 using tutorial https://www.cybera.ca/news-and-events/tech-radar/getting-started-on-shibboleth/

Configured Grails Saml using http://www.wave-access.com/public_en/blog/2014/june/23/how-to-configure-saml-20-on-grails-with-the-help-of-grails-spring-security-saml-plugin.aspx

Can you help me if anything is misconfigured? Or point me to a relevant tutorial for IDP and SAML?

Maybe it is due to a certificate or key issue.