jeffwils / grails-spring-security-saml

Grails Spring Security SAML2.0 Plugin for Grails 3

default IDP ignored #5

Closed parizpe1 closed 6 years ago

parizpe1 commented 7 years ago

/login/auth (default redirect when the user opens a link without a pattern) redirects to the last added IDP, not to the default IDP.

jeffwils commented 7 years ago

That is a carryover from the old 2.5 plugin. It only allows for a single IDP to be set up. I will get that functionality (and the correct default) working as well in the next release.

Out of curiosity, were you using application.yml or application.groovy?

HybridProgrammer commented 7 years ago

I'm using application.groovy with the same results as parizpe1.

I corrected the issue by modifying the idp-local.xml file and removing the IDP I didn't want to use. This will cause future problems, as idp-local.xml is now static, but I'll cross that hurdle later.

parizpe1 commented 7 years ago

I used application.groovy. I have 373 functional IDPs in my metadata and can authenticate successfully with all of them. My default IDP is also functional when I click on the link "login with default URL", but for some reason, Spring Security decides to redirect the user to the last added IDP when he tries to access a restricted URL in my application.

petrosferdinand commented 7 years ago

workaround: add metadata.setDefaultIDP(SpringSecurityUtils.securityConfig.saml.metadata.defaultIdp) to the last line of all routines that add an IdP

jeffwils commented 7 years ago

I have just released version 3.1.2 that now should set the defaultIdp. With my current setup it is a little difficult to test this out. If you guys need this for Grails < 3.1 let me know and I will get the 3.0.x version updated as well.

pshotton commented 6 years ago

Hi Jeff - I'm running 3.1.2, but when I start up the app I get: Caused by: java.lang.IllegalStateException: Cannot convert value of type [org.grails.config.NavigableMap$NullSafeNavigator] to required type [java.lang.String] for property 'defaultIDP': no matching editors or conversion strategy found

Looks like the default idp is not being set up.

pshotton commented 6 years ago

Got it. The grails.plugin.springsecurity.saml.metadata.defaultIdp = 'ping' line had 'l' (el) rather than 'I' (eye). Don't know if that was the s2 scripts or me - but fixed now...
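
A pre-deployment check for the kind of look-alike misspelling described in the comment above, as an added example that is not part of the original thread or the plugin's code. It assumes the flat dotted `key = value` form of application.groovy; the `KNOWN_KEYS` set and the sample fragment are constructed here, and only the key named in this thread is listed.

```python
import re

# Assumption: valid keys to compare against. Only the key quoted in this
# thread is listed; extend the set from the plugin documentation you use.
KNOWN_KEYS = {"grails.plugin.springsecurity.saml.metadata.defaultIdp"}

# Characters that are hard to tell apart in many fonts fold to one form.
_FOLD = str.maketrans({"I": "l", "1": "l", "|": "l", "O": "0"})

# Matches the key of a flat "a.b.c = value" assignment.
_KEY_RE = re.compile(r"^\s*([\w.|]+)\s*=")


def skeleton(key):
    """Return the key with look-alike characters folded together."""
    return key.translate(_FOLD)


def find_confusable_keys(config_text, known=KNOWN_KEYS):
    """Return (line_no, found_key, intended_key) for every key that is not a
    known key but is indistinguishable from one after folding look-alikes."""
    by_skeleton = {skeleton(k): k for k in known}
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        match = _KEY_RE.match(line)
        if not match:
            continue  # comments, blank lines, nested-block syntax
        key = match.group(1)
        if key in known:
            continue  # spelled correctly
        intended = by_skeleton.get(skeleton(key))
        if intended:
            findings.append((line_no, key, intended))
    return findings


# Constructed sample: lowercase 'l' (el) where uppercase 'I' (eye) belongs.
SAMPLE = """\
// constructed application.groovy fragment
grails.plugin.springsecurity.saml.metadata.defaultldp = 'ping'
"""

if __name__ == "__main__":
    for line_no, found, intended in find_confusable_keys(SAMPLE):
        print(f"line {line_no}: '{found}' looks like '{intended}'")
```
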

irstevenson commented 6 years ago

Looks like @jeffwils solved this in 3.1.2, so now closing.

If the issue still exists, let us know and we can re-open.