lightSAML / SpBundle

SAML2 SP Symfony Bundle based on LightSAML
https://www.lightsaml.com/SP-Bundle/
MIT License

Load balancer may cause username is null in "saml/login_check" ? #44

Open gpeanodc opened 7 years ago

gpeanodc commented 7 years ago

Hi @tmilos, my application is working well in my local environment. I set up the app in the "dev" environment; the dev server is behind a load balancer. When I try to access a private page under the "saml firewall", I'm redirected to the right login form and I put in my ids, but when I'm redirected to the "login_check" route, I get an error:

An exception occurred while executing 'INSERT INTO user_saml (username, roles) VALUES (?, ?)' with params [null, "[\"ROLE_USER\"]"]: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'username' cannot be null

It seems that, for a reason I don't know, the username is not getting back.

Can it be a problem with load balancing? Is there a configuration I can make from the app side?

I've already set this instruction in my /web/app.php file:

Request::setTrustedProxies(array($_SERVER['REMOTE_ADDR']));

Thanks for your help.

gpeanodc commented 7 years ago

Hi, I did some debugging in the SimpleUsernameMapper class, and my result is that the nameId I get from the assertion subject is NULL (see the code below).

object(LightSaml\Model\Assertion\Subject)#441 (2) { ["nameId":protected]=> NULL

Do you think it can be a session issue with data loss because of load balancing? Is there a config parameter to change this? Thanks.

gegeturambar commented 7 years ago

Hi, it seems to me that I have the same problem, but I'm not behind a load balancer.

I set up an identity provider on a local server, id.local, with simplesamlphp, with this config/authsources.php:

$config = array(
        'example-userpass' => array(
                'exampleauth:UserPass',
                'student:studentpass' => array(
                        'uid' => array('student'),
                        'eduPersonAffiliation' => array('member', 'student'),
                        'roles' =>      array('ROLE_USER','ROLE_SEF'),
                ),
                'employee:employeepass' => array(
                        'uid' => array('employee'),
                        'eduPersonAffiliation' => array('member', 'employee'),
                        'roles' =>      array('ROLE_USER','ROLE_SEF'),
                ),
        ),
);

(And when I test this configuration with simplesamlphp and nothing else, I can put in my credentials and register fine.)

But when I try to access a private page under the "saml firewall", I too am redirected to the right login form, where I put in my credentials, but when I'm redirected to the "login_check" route, I have the same error:

An exception occurred while executing 'INSERT INTO user_saml (username, roles) VALUES (?, ?)' with params [null, "["ROLE_USER"]"]: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'username' cannot be null

I tried to debug, and it seems to me that the problem is occurring in

private function getUsernameFromAssertion(Assertion $assertion)

Indeed, the test

$assertion->getSubject()->getNameID()->getFormat() != SamlConstants::NAME_ID_FORMAT_TRANSIENT

always returns false for me.

Any hint about how to solve this problem?

Thanks.
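
The condition quoted in the comment above rejects a NameID whose format is transient, and the earlier dump shows a subject with no NameID at all; in both cases the username has to come from somewhere else or the login must be refused. The following is an added example, not LightSAML or SpBundle code: it uses only PHP's DOM extension on a constructed assertion, prefers a non-transient NameID, falls back to a named attribute (here the `uid` from the IdP config above), and throws rather than letting a null username reach the INSERT. The function name `resolveUsername` and the sample XML are assumptions made for illustration.

```php
<?php
// Added example: diagnostic only; it does not validate the assertion signature.
const NS_ASSERTION = 'urn:oasis:names:tc:SAML:2.0:assertion';
const FORMAT_TRANSIENT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient';

// Non-transient NameID first, then the listed attributes; never returns null.
function resolveUsername(string $assertionXml, array $fallbackAttributes): string
{
    $doc = new DOMDocument();
    if (!$doc->loadXML($assertionXml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Assertion is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('saml', NS_ASSERTION);

    $nameId = $xp->query('//saml:Subject/saml:NameID')->item(0);
    if ($nameId instanceof DOMElement
        && trim($nameId->textContent) !== ''
        && $nameId->getAttribute('Format') !== FORMAT_TRANSIENT) {
        return trim($nameId->textContent);
    }
    // NameID missing or transient: fall back to attributes, in the order given.
    foreach ($fallbackAttributes as $name) {
        foreach ($xp->query('//saml:Attribute') as $attr) {
            if ($attr->getAttribute('Name') !== $name) {
                continue;
            }
            $value = $xp->query('saml:AttributeValue', $attr)->item(0);
            if ($value !== null && trim($value->textContent) !== '') {
                return trim($value->textContent);
            }
        }
    }
    // Fail closed instead of passing null on to the INSERT.
    throw new UnexpectedValueException('No usable username in assertion');
}

// Constructed sample: transient NameID plus a "uid" attribute.
$sample = <<<XML
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1b2c3</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>student</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
XML;

echo resolveUsername($sample, ['uid']), PHP_EOL;
```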