NaxYo
commented
6 years ago I keep feeling like I'm losing something on the flow... it doesn't look right to be serializing the SamlSpResponseToken instead of resolving the user straight away.
I can work around the issue by adding:
// LightSaml\SpBundle\Security\Authentication\Token\SamlSpResponseToken
public function serialize() {
return serialize(
array(
\is_object($this->response) ? clone $this->response : $this->response
)
);
}
public function unserialize($serialized) {
list($this->response) = unserialize($serialized);
}And it does work, but yeah, it doesn't feel right and it should be failing for everyone, what doesn't makes any sense to me.
I'm setting lightSAML SpBundle v1.2.0 (Symfony 2.8.44) for the first time and it seems to be partially working, but I'm having the following issue after getting my login_check redirection (IdP user exists and it does match user resolution):
The problem doesn't seem to come from the custom username mapper since the same thing happens with the default one.
Interesting fact that when the framework sets the token on the token storage, I have the response attribute there (vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php:209), but when it recovers from the session for unserializing, I get:
Where there is clearly no reference to the Response (or any other valuable information). I couldn't find much more by debugging, so not sure if it's a configuration issue on my end or a legit bug. Thanks either way!