Open jberanek opened 5 years ago
So after a lot of troubleshooting I'm not sure what the real cause is but it seems to be something to do with sessions.
I've managed to get SAML auth to work by commenting out line 122 in init.inc
//init_sessions();
Does SAML auth take care of all the session stuff by itself or do its init_sessions() later?
Original comment by: slartimitvar
I got a SimplSaml error when trying to access the Login page. When testing my SimplSaml using the Authentication Test in it's interface I was able to get authenticated (so SSP is setup correctly). I also commented out your line 122, and it gave me the MRBS page but it tells me the user is -invalid- so I'm guessing this won't work. Now, I've uncommented the line 122 out and going back to the site and it is giving me the root of my site to day.php, and I have the site in a folder called saml_clr when I click the login page.
Original comment by: warnertaylor
Hey, I found this support request that helped my url issue. I'm still having an issue with -invalid- though. https://sourceforge.net/p/mrbs/support-requests/1836/
Original comment by: warnertaylor
In your saml auth config what do you have set for $auth['saml']['attr']['username'] ? I think the value here needs to match an attribute name being returned from your SAML idp.
In my orignal question above I have it set as $auth['saml']['attr']['username'] = 'uid'; Then in my ssp->attributes being returned from my idp i have one called 'uid' which contains the username value. [uid] => Array ( [0] => barry )
This logs me in as barry.
Original comment by: slartimitvar
Thanks, I've gotten the session working (with line 122 commented out) and it is showing my name and log off button. Thanks so much!
Original comment by: warnertaylor
Hi.
I cannot ever get MRBS to successfully authenticate using SAML and am beginning to wonder if there is anyone out there who can.
I have a working simplesamlphp installation (v 1.17.6) and MRBS 1.7.3 with the following saml config params:
simplesamlphp debug logs show authentication succeeding all the way up to:
But is then followed immediately by seven repeated lines of:
I don't have authentication required on the normally public pages such as day.php, so just refreshing the page shouldn't try to get authenticated but I can become successfully authenticated with a separate TESTAUTH script but refreshing the MRBS day.php page will instantly un-authenticate me:
My TESTAUTH script shows the ssp->attributes as the following when authenticated:
Reported by: *anonymous
Original Ticket: mrbs/support-requests/1844