nbgrp / onelogin-saml-bundle

OneLogin SAML Symfony Bundle
BSD 3-Clause "New" or "Revised" License

500 Error: Attribute not found, but present in SAML data #53

Closed nbennett25 closed 6 months ago

nbennett25 commented 6 months ago

I have a Symfony 6.4 container and a boxy/mock-saml container configured in a docker compose file. I believe I have everything connected / configured properly - the containers start up, and when I go to the app home page (localhost:8000) I am redirected to the saml container's login (localhost:4000).

The Attributes configured in the AttributeStatement of the SAML data are minimal (id, email, firstName, lastName). I updated the security.yaml to use the id as the identifier:

security:
    firewalls:
        main:
            provider: saml_provider
            saml:
                identifier_attribute: id

However, after logging in to the SAML container, I'm redirected back to the app container on 8000, but an error is thrown saying that the id attribute cannot be found:

RuntimeException:
Attribute "id" not found in SAML data.

  at vendor/nbgrp/onelogin-saml-bundle/src/Security/Http/Authenticator/SamlAuthenticator.php:198
  at Nbgrp\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator->extractIdentifier()
     (vendor/nbgrp/onelogin-saml-bundle/src/Security/Http/Authenticator/SamlAuthenticator.php:145)
  at Nbgrp\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator->createPassport()
     (vendor/nbgrp/onelogin-saml-bundle/src/Security/Http/Authenticator/SamlAuthenticator.php:96)
  at Nbgrp\OneloginSamlBundle\Security\Http\Authenticator\SamlAuthenticator->authenticate()
     (vendor/symfony/security-http/Authenticator/Debug/TraceableAuthenticator.php:70)
  at Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticator->authenticate()
     (vendor/symfony/security-http/Authentication/AuthenticatorManager.php:176)
  at Symfony\Component\Security\Http\Authentication\AuthenticatorManager->executeAuthenticator()
     (vendor/symfony/security-http/Authentication/AuthenticatorManager.php:158)
  at Symfony\Component\Security\Http\Authentication\AuthenticatorManager->executeAuthenticators()
     (vendor/symfony/security-http/Authentication/AuthenticatorManager.php:140)
  at Symfony\Component\Security\Http\Authentication\AuthenticatorManager->authenticateRequest()
     (vendor/symfony/security-http/Firewall/AuthenticatorManagerListener.php:40)
  at Symfony\Component\Security\Http\Firewall\AuthenticatorManagerListener->authenticate()
     (vendor/symfony/security-http/Authenticator/Debug/TraceableAuthenticatorManagerListener.php:68)
  at Symfony\Component\Security\Http\Authenticator\Debug\TraceableAuthenticatorManagerListener->authenticate()
     (vendor/symfony/security-bundle/Debug/WrappedLazyListener.php:46)
  at Symfony\Bundle\SecurityBundle\Debug\WrappedLazyListener->authenticate()
     (vendor/symfony/security-http/Firewall/AbstractListener.php:26)
  at Symfony\Component\Security\Http\Firewall\AbstractListener->__invoke()
     (vendor/symfony/security-bundle/Debug/TraceableFirewallListener.php:83)
  at Symfony\Bundle\SecurityBundle\Debug\TraceableFirewallListener->callListeners()
     (vendor/symfony/security-http/Firewall.php:95)
  at Symfony\Component\Security\Http\Firewall->onKernelRequest()
     (vendor/symfony/event-dispatcher/Debug/WrappedListener.php:116)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:220)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners()
     (vendor/symfony/event-dispatcher/EventDispatcher.php:56)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch()
     (vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:139)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch()
     (vendor/symfony/http-kernel/HttpKernel.php:157)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw()
     (vendor/symfony/http-kernel/HttpKernel.php:76)
  at Symfony\Component\HttpKernel\HttpKernel->handle()
     (vendor/symfony/http-kernel/Kernel.php:197)
  at Symfony\Component\HttpKernel\Kernel->handle()
     (vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35)
  at Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run()
     (vendor/autoload_runtime.php:29)
  at require_once('/var/www/html/vendor/autoload_runtime.php')
     (public/index.php:5)

But inspecting the SAML data with the Chrome extensions clearly shows the id attribute present:

[Screenshot, 2024-04-03: decoded SAML response showing the id attribute in the AttributeStatement]

Thoughts? work arounds?

(Is there something broken with that SAML XML structure?)

nbennett25 commented 6 months ago

The IdP I was using was returning the Name property in the Attribute node instead of the FriendlyName property, and I had the use_attribute_friendly_name setting in the config set to true; setting this to false allowed me to log in.
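The mismatch described in this thread (the SP looking attributes up by FriendlyName while the IdP only emits Name) can be reproduced outside the bundle. The following is an added example, not code from the onelogin-saml-bundle or from the reporter: it parses a constructed AttributeStatement the way a friendly-name-aware SP would, with a `use_friendly_name` flag standing in for the bundle's `use_attribute_friendly_name` setting, and also shows the check a practitioner wants first, namely which of the two properties the IdP actually sends. The two assertions, the OID used for the `id` attribute and the function names are all assumptions made for the example.

```python
"""Name vs FriendlyName lookup in a SAML 2.0 AttributeStatement (constructed example).

Caveat: a real SP must verify the response/assertion signature before trusting
any attribute, and should parse untrusted XML with a hardened parser
(e.g. defusedxml). xml.etree is used here only because the input is constructed.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed: what a mock IdP returns when it sets only Name (the case in the issue).
ASSERTION_NAME_ONLY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="id"><saml:AttributeValue>1234</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed: an IdP that uses an OID as Name and a human-readable FriendlyName
# (the shape for which a friendly-name lookup is meant).
ASSERTION_WITH_FRIENDLY_NAME = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="id"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>1234</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="email"
                    NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>jane@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def attribute_names(xml_text):
    """Diagnostic: list (Name, FriendlyName) for every Attribute element.

    Run this against a decoded response to see which property the IdP sets
    before deciding how the SP should key its lookups.
    """
    root = ET.fromstring(xml_text)
    return [(a.get("Name"), a.get("FriendlyName"))
            for a in root.iterfind(".//saml:Attribute", NS)]


def extract_attributes(xml_text, use_friendly_name):
    """Map attribute key -> list of values, keyed by FriendlyName or by Name.

    An Attribute that lacks the chosen property is skipped entirely, which is
    exactly why a Name-only assertion looks empty under a FriendlyName lookup.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        key = attr.get("FriendlyName") if use_friendly_name else attr.get("Name")
        if key is None:
            continue
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[key] = values
    return attrs


def extract_identifier(xml_text, identifier_attribute, use_friendly_name):
    """Return the user identifier, failing the same way the bundle's error reads."""
    attrs = extract_attributes(xml_text, use_friendly_name)
    values = attrs.get(identifier_attribute)
    if not values:
        raise RuntimeError(f'Attribute "{identifier_attribute}" not found in SAML data.')
    return values[0]


if __name__ == "__main__":
    print(attribute_names(ASSERTION_NAME_ONLY))
    # Name-only IdP: works with use_friendly_name=False, fails with True.
    print(extract_identifier(ASSERTION_NAME_ONLY, "id", use_friendly_name=False))
    try:
        extract_identifier(ASSERTION_NAME_ONLY, "id", use_friendly_name=True)
    except RuntimeError as err:
        print("friendly-name lookup:", err)
```

With the Name-only assertion, `attribute_names` returns `None` in every FriendlyName slot, which is the quickest way to tell that `use_attribute_friendly_name: true` cannot work against that IdP; the fix is either the setting change the reporter made or configuring the IdP to emit a FriendlyName. The reverse also holds: against an IdP that keys on OIDs, a Name lookup for `id` fails unless `identifier_attribute` is set to the full OID.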