jeffwils / grails-spring-security-saml

Grails Spring Security SAML2.0 Plugin for Grails 3

Correct Configuration for URLs #6

Closed HybridProgrammer closed 6 years ago

HybridProgrammer commented 7 years ago

What are the correct URLs for IDP AssertionConsumerService? Specifically HTTP-POST, HTTP-Artifact and PAOS?

I've tried using the following format: /saml/SSO/alias/mysp

However, after login I am redirected to defaultFailureUrl = '/log4J/logging'

jeffwils commented 7 years ago

Should be

/spring-security-saml/saml/SSO/alias/{your alias}

Thank you also for the redirection info. It is obviously incorrect. I had that in there for testing. I will add a config property to set the failure URL (and reset the default to authfail).

HybridProgrammer commented 7 years ago

I used /spring-security-saml/saml/SSO instead.

I had problems using the alias; it kept failing to find the alias in SAMLContextProviderImpl.java#populateLocalEntityId():

```java
// Populate entityId
entityId = metadata.getEntityIdForAlias(localAlias);

if (entityId == null) {
    throw new MetadataProviderException("No local entity found for alias " + localAlias + ", verify your configuration.");
} else {
    logger.debug("Using SP {} specified in request with alias {}", entityId, localAlias);
}
```

entityId always returned null.

Without the alias, SAMLContextProviderImpl.java#populateLocalEntityId() returns the default SP, which is configured in application.groovy: `grails.plugin.springsecurity.saml.metadata.sp.defaults.entityId = 'https://mysp.example.com'`

parizpe1 commented 7 years ago

I also had problems using the alias, however the springsecurity extension is wired so that you can use:

irstevenson commented 6 years ago

Are people still having issues with this? (If not, I plan to close.)

I personally have seen the alias endpoint work fine, but maybe I'm missing something.