nuxsmin / sysPass

Systems Password Manager
https://syspass.org
GNU General Public License v3.0
976 stars 209 forks

Access with Single Sign On #1725

Open triballo opened 3 years ago

triballo commented 3 years ago

sysPass v 3.1

Hello everybody, I am an avid supporter of this wonderful project that I have been using for several years. I have always used login with LDAP but have never been able to configure the SSO function correctly. On the net I searched everywhere but I never found a specific guide that was helpful for a correct configuration. Although I have enabled SSO everywhere in the graphical interface of the portal, every time I try to log in to the home, it offers me the username and password fields and I can only access with AD credentials via LDAP and not via SSO. Is anyone able to give me some advice on how to do some debugging to understand where I am wrong?

Selfmade-RuLeZ commented 2 years ago

Well, I might be too late for you, but I freaked out too on this issue some months ago. To be more clear: You have to provide a Basic Authentication Header with base64 encoded credentials (username:password). Then you will see the login mask where you are able to just click on login with empty credentials to login with SSO. My thought was that I get redirected to the main page with SSO, but I learned that I have to click on login to get logged in with SSO.
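
Added example, not part of the original thread and not sysPass code: a Python helper for checking whether the value a proxy forwards in `Authorization` is a well-formed Basic header (base64 of `username:password`) as described in the comment above, reporting the username but never the password. The function name and all sample values are constructed for illustration.

```python
import base64
import binascii


def inspect_basic_header(value):
    """Describe an Authorization header value without exposing the password."""
    result = {"ok": False, "reason": "", "username": None, "password_empty": None}
    if not value or not value.strip():
        result["reason"] = "header missing: nothing was forwarded to the backend"
        return result
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        # e.g. Negotiate/NTLM tokens, which are not username:password pairs
        result["reason"] = f"scheme is {scheme!r}, not Basic"
        return result
    try:
        text = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        # UnicodeDecodeError is a ValueError subclass, so it lands here too
        result["reason"] = "token is not valid base64-encoded text"
        return result
    # Split on the first colon only: the password part may contain ':'
    username, sep, password = text.partition(":")
    if not sep or not username:
        result["reason"] = "decoded token is not in username:password form"
        return result
    result.update(ok=True, reason="well-formed Basic credentials",
                  username=username, password_empty=(password == ""))
    return result


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment
    samples = [
        None,
        "Basic <base64-encoded login+password>",  # placeholder left unreplaced
        "Negotiate YIIabc=",
        "Basic " + base64.b64encode(b"jdoe:").decode(),
        "Basic " + base64.b64encode(b"jdoe:s3cr:et").decode(),
    ]
    for header in samples:
        print(inspect_basic_header(header))
```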

FooBarTrixibell commented 2 years ago

I am not 100% clear on your answer, SSO is still a bag of worms to me!

Do you do that with mod_rewrite -

```
RequestHeader set Authorization "Basic <base64-encoded login+password>"
```

in which case where does the user/pass come from?

Or with mod_ntlm which seems to offer

```
NTLMOfferBasic
NTLMBasicPreferred
```

Do you possibly have an example apache config?

Sorry if I am asking dumb questions!

Selfmade-RuLeZ commented 2 years ago

Unfortunately I have to say no. I tried to let authelia be an SSO provider, which is not possible. My answer referred to manually adding the header via a plugin to try out how it works. I cannot give you any apache configs either, as I use an nginx reverse proxy with the sysPass docker container behind it.

triballo commented 2 years ago

> Well, I might be too late for you, but I freaked out too on this issue some months ago. To be more clear: You have to provide a Basic Authentication Header with base64 encoded credentials (username:password). Then you will see the login mask where you are able to just click on login with empty credentials to login with SSO. My thought was that I get redirected to the main page with SSO, but I learned that I have to click on login to get logged in with SSO.

Unfortunately it does not work: clicking on the login button returns the "Login error" error. Analyzing the syspass logs, I detect the following messages:

```
[2022-01-31 08:46:07] syspass.EXCEPTION: logger {"message":"Errore nel localizzare l'utente in LDAP
0 /var/www/html/syspass/lib/SP/Providers/Auth/Ldap/LdapAuth.php(156): SP\Providers\Auth\Ldap\LdapActions->getAttributes(String)
1 /var/www/html/syspass/lib/SP/Providers/Auth/Ldap/LdapAuth.php(121): SP\Providers\Auth\Ldap\LdapAuth->getAttributes(String)
2 /var/www/html/syspass/lib/SP/Providers/Auth/AuthProvider.php(119): SP\Providers\Auth\Ldap\LdapAuth->authenticate(Object(SP\DataModel\UserLoginData))
3 /var/www/html/syspass/lib/SP/Providers/Auth/AuthProvider.php(97): SP\Providers\Auth\AuthProvider->authLdap()
4 /var/www/html/syspass/lib/SP/Services/Auth/LoginService.php(154): SP\Providers\Auth\AuthProvider->doAuth(Object(SP\DataModel\UserLoginData))
5 /var/www/html/syspass/app/modules/web/Controllers/LoginController.php(65): SP\Services\Auth\LoginService->doLogin()
6 [internal function]: SP\Modules\Web\Controllers\LoginController->loginAction()
7 /var/www/html/syspass/lib/SP/Bootstrap.php(240): call_user_func_array(Array,Array)
8 [internal function]: SP\Bootstrap->SP{closure}(Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
9 /var/www/html/syspass/vendor/klein/klein/src/Klein/Klein.php(879): call_user_func(Object(Closure),Object(Klein\Request),Object(Klein\Response),Object(Klein\ServiceProvider),Object(Klein\App),Object(Klein\Klein),Object(Klein\DataCollection\RouteCollection),Array)
10 /var/www/html/syspass/vendor/klein/klein/src/Klein/Klein.php(588): Klein\Klein->handleRouteCallback(Object(Klein\Route),Object(Klein\DataCollection\RouteCollection),Array)
11 /var/www/html/syspass/lib/SP/Bootstrap.php(464): Klein\Klein->dispatch(Object(Klein\Request))
12 /var/www/html/syspass/lib/Base.php(75): SP\Bootstrap->run(Object(DI\Container))
13 /var/www/html/syspass/index.php(28): require(String)","caller":"N/A"}
[2022-01-31 08:46:07] syspass.EXCEPTION: logger {"message":"Login errato
```