lightSAML / SpBundle

SAML2 SP Symfony Bundle based on LightSAML
https://www.lightsaml.com/SP-Bundle/
MIT License

Issue with fallback on in_memory with http basic #52

Open francescomalatesta opened 7 years ago

francescomalatesta commented 7 years ago

Hi guys,

I am working with your component and I have a specific need.

I want to use an SSO service with your package, but I also want to use the default Symfony in_memory solution as a fallback.

I tried to use a chained provider and also tried to specify the fallback like this:

my_firewall:
          pattern:  ^/saml
          security: true
          light_saml_sp:
              provider: my_saml_user_provider
              user_creator: my_saml_user_factory
              login_path: /login
              check_path: /saml/login_check
              always_use_default_target_path: true
              default_target_path: /admin
              require_previous_session: false
          logout:
              path: /logout
          http_basic:
              realm: "Access denied"
              provider: in_memory

It doesn't work; I just keep being redirected to the login page. How can I make it trigger the in_memory provider as a fallback? Thanks

tmilos commented 7 years ago

It's a general Symfony security question, and not directly related to lightsaml... but off the top of my head, you could try with a custom entry point, or a custom authentication handler... Maybe it would be better to ask for Symfony support on it.

francescomalatesta commented 7 years ago

Hi @tmilos, thanks for the answer :) I posted here because I am getting this issue only when using this bundle and the related provider :) I will keep you updated; in the meantime, let me know if you have any ideas about that :) thanks

tmilos commented 7 years ago

Could you post an example of working fallbacks, so I could debug and find what's different in this case?

francescomalatesta commented 7 years ago

Sure!

Here's what I've done:

Test 1 - Working

I used a chained provider with the default FOSUserBundle provider as the first element of the chain, and the "in_memory" provider as the second. I can post an example snippet if you want, but it's just a basic chain provider.

If I go to a route that is protected by the firewall and I am logged in with the FOSUserBundle user, I can access it without issues. Otherwise, the basic auth dialog is prompted.

Test 2 - Not Working

I used this bundle and the two ways I have to declare a fallback are not working.

Way 1: use the chained provider in the default config for the bundle, like this:

my_firewall:
          pattern:  ^/saml
          security: true
          light_saml_sp:
              provider: my_chained_provider
              user_creator: my_saml_user_factory
              login_path: /login
              check_path: /saml/login_check
              always_use_default_target_path: true
              default_target_path: /admin
              require_previous_session: false
          logout:
              path: /logout

This is not working.

Way 2: the example I pasted above. The Symfony docs say that I can specify a fallback HTTP basic auth in that way, by adding an "http_basic" element to the config. This is also not working.

As I said before, I wrote here because I am experiencing this issue only with this bundle :(

Thanks

diesonne commented 6 years ago

@francescomalatesta did you find a solution to this? I have the same problem