nbgrp / onelogin-saml-bundle

OneLogin SAML Symfony Bundle
BSD 3-Clause "New" or "Revised" License

Nbgrp_onelogin_saml.yaml and .env variables #36

Open Amenessisse opened 1 year ago

Amenessisse commented 1 year ago

Hello,

I have found a problem with the config file of this library.

The "binding" parameters don't seem to allow environment variables.

Example:

```yaml
nbgrp_onelogin_saml:
  use_proxy_vars: true
  onelogin_settings:
    default:
      # Basic settings
      idp:
        entityId: "%env(SAML_IDP_ENTITY_ID)%"
        singleSignOnService:
          url: "%env(SAML_SINGLE_SIGN_ON_SERVICE_URL)%"
          binding: "%env(SAML_SINGLE_SIGN_ON_SERVICE_BINDING)%"
```

The error we encounter:

Invalid configuration for path "nbgrp_onelogin_saml.onelogin_settings.default.idp.singleSignOnService.binding": invalid value.

How I fixed this error:

```yaml
binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
```

This behavior is managed in src/DependencyInjection/Configuration.php:

```php
->scalarNode('binding')
    ->validate()
        ->ifTrue(static fn ($value): bool => !str_starts_with($value, 'urn:oasis:names:tc:SAML:2.0:bindings:'))
        ->thenInvalid('invalid value.')
    ->end()
->end()
```

It seems like this value "%env()%" is not replaced before the call of the validate() method.

Is it really mandatory to have this verification, or is there another way to achieve the desired result?

Thanks.

Configuration:

PHP: 8.1.8
Symfony: 6.2
Nbgrp_login_saml: 1.3.2

a-menshchikov commented 8 months ago

Hi @Amenessisse, the validation seems necessary, and it doesn't support env values (as far as I know). But as the binding parameter should start with `urn:oasis:names:tc:SAML:2.0:bindings:` anyway, you can customize its value using an environment variable (if you really need it). It will look something like this: `binding: "urn:oasis:names:tc:SAML:2.0:bindings:%env(SAML_SINGLE_SIGN_ON_SERVICE_BINDING_SUFFIX)%"`.
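
With the prefix-plus-suffix form suggested in the reply above, the bundle's prefix check passes on the literal part and the env-supplied suffix is not covered by it, so the resolved value is worth checking at deploy time. The following is an added example, not code from the bundle or from either commenter: a standalone PHP check that rebuilds the binding from the suffix and accepts only listed SAML 2.0 bindings. The function name `resolveSamlBinding`, the constants and the allowlist contents are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not code from nbgrp/onelogin-saml-bundle.
// Prefix enforced by the Configuration.php check quoted in this thread.
const SAML_BINDING_PREFIX = 'urn:oasis:names:tc:SAML:2.0:bindings:';

// Assumption: suffixes this deployment accepts. These are bindings defined by
// the SAML 2.0 specification; trim the list to what your IdP actually uses.
const ALLOWED_BINDING_SUFFIXES = ['HTTP-Redirect', 'HTTP-POST', 'HTTP-Artifact', 'SOAP'];

/**
 * Hypothetical helper: build the full binding URN from the env-provided suffix
 * and reject anything outside the allowlist.
 */
function resolveSamlBinding(?string $suffix): string
{
    if ($suffix === null || $suffix === '') {
        throw new InvalidArgumentException('binding suffix is not set');
    }
    // Strict comparison: no trimming or case folding, so values such as
    // "http-redirect" or "HTTP-Redirect " are rejected rather than normalised.
    if (!in_array($suffix, ALLOWED_BINDING_SUFFIXES, true)) {
        throw new InvalidArgumentException(sprintf('unexpected binding suffix "%s"', $suffix));
    }
    return SAML_BINDING_PREFIX . $suffix;
}

// Constructed sample values standing in for SAML_SINGLE_SIGN_ON_SERVICE_BINDING_SUFFIX.
$samples = ['HTTP-Redirect', 'HTTP-POST', 'http-redirect', '', 'HTTP-Redirect?x=1'];

foreach ($samples as $sample) {
    try {
        printf("%-22s -> %s\n", var_export($sample, true), resolveSamlBinding($sample));
    } catch (InvalidArgumentException $e) {
        printf("%-22s -> rejected: %s\n", var_export($sample, true), $e->getMessage());
    }
}
```

In a deploy or health check, pass `getenv('SAML_SINGLE_SIGN_ON_SERVICE_BINDING_SUFFIX') ?: null` instead of the sample values and fail the rollout when the function throws.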