rmoreas / shibbolethbundle Goto Github PK
View Code? Open in Web Editor NEWSymfony 2 bundle for shibboleth authentication
License: GNU Lesser General Public License v3.0
Symfony 2 bundle for shibboleth authentication
License: GNU Lesser General Public License v3.0
Is possible making a Laravel 5 integration?
Hi,
I have follow the bundle install and the configuration, but I have a bug. My application speak with the federation IdP but the response is not read by the bundle. So when an unauthenticated user click on the secure link, my application redirect the unauthenticated user to shibboleth and this one redirect to the CAS service. The user is now authenticated by CAS service and return to shibboleth and this one redirect to my application. But... The bundle don't find that the user is authenticated in the $request and my application redirect to the shibboleth. The user is already authenticated in shibboleth and.... redirect to my application.
So it's giving an infinite loop...
The IdP send the information what I need (I have do some tests) but the bundle cannot catch them.
I have try to look in the shibbolethLister.php, in the handle() function but the code connat pass the:
"if (!$this->shibboleth->isAuthenticated($request)) { return; }"
What can I do to catch the shibboleth parameters in the $request in return from the federation web site please ?
The attributes common name, surname and given name can contain special characters (eg: ô, é, ë) but are lost when converted to a replacement character because an utf8_decode is applied.
It isn't stated anywhere if this bundle is for Shibboleth 2, or 1.x, can you clarify?
Currently shibboleth attributes are only captured from request headers so it's needed to use "ShibUseHeaders On". This is usefull when the application is behind a reverse proxy also doing the shibboleth authentication, but if not behind a reverse proxy, it's recommeded to use environment variables in stead of headers to avoid spoofing of headers.
We should add the possibility to enable use of server variables or headers.
Hello,
Thanks for your work!
I was wondering if our bundle works on Symfony3 ?
I'm trying to find a way to install it on a new project, and I have a lot of issues with the configuration.
Thank you in advance for your answer
Hello,
Is it possible to have a demo symfony project to test your bundle ?
Are you going to maintain this bundle for new symfony versions ?
Regards,
R.
The logout redirect is malformed. The route generates URL like:
Shibboleth.sso/Logout?return=%3Freturn%3Dhttps%3A%2F%2Fdme-mac-0039.med.ad10.intern.kuleuven.ac.be%2Fapp_dev.php%2F
instead of:
Shibboleth.sso/Logout?return=https%3A%2F%2Fdme-mac-0039.med.ad10.intern.kuleuven.ac.be%2Fapp_dev.php%2F
Hi ^^
I have another infinite loop probleme. Now my application can load a user register in the database. But if he is not, the application loop to shibboleth.
I'm not good with User and UserProvider mecanic so I have create a User Class in Entity Directory....
namespace Acme\HomeBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
/**
Acme\HomeBundle\Entity\User
*
@Orm\Table(name="acme_auth_users")
@Orm\Entity(repositoryClass="Acme\HomeBundle\Entity\UserRepository")
/
class User implements UserInterface
{
/*
/**
/**
/**
/**
/**
public function __construct()
{
$this->isActive = true;
$this->salt = md5(uniqid(null, true));
}
/**
/**
/**
/**
/**
.....and write this in the security.yml :
providers:
shibboleth:
entity: { class: AcmeHomeBundle:AuthUser, property: username }
All work if the user is in the db... but if he is not .... loop and loop....
I think that I need to do write a 403 redirect somewhere in your bundle but I don't know where...
Can you help me please ? :'(
Hello,
Do you have any interest in creating release tags for this bundle? I load your bundle as a dependency of other bundles I've created. So, composer in my main project, for which I am not a fan of using minimum-stability=dev, gets unhappy because your bundle as a 3rd tier dependency is not stable, for example:
- ucsf-iam/shibauthbundle 0.1.5 requires kuleuven/shibboleth-bundle dev-master -> satisfiable by kuleuven/shibboleth-bundle[dev-master] but these conflict with your requirements or minimum-stability.
I can always fork and create my own tags, of course. But before I make an perfect mirror of your work, I thought'd I'd ask about tags first.
Thanks,
Jason Gabler
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.