rmoreas / shibbolethbundle Goto Github PK

Is possible making a Laravel 5 integration?

Hi,

I have follow the bundle install and the configuration, but I have a bug. My application speak with the federation IdP but the response is not read by the bundle. So when an unauthenticated user click on the secure link, my application redirect the unauthenticated user to shibboleth and this one redirect to the CAS service. The user is now authenticated by CAS service and return to shibboleth and this one redirect to my application. But... The bundle don't find that the user is authenticated in the $request and my application redirect to the shibboleth. The user is already authenticated in shibboleth and.... redirect to my application.

So it's giving an infinite loop...

The IdP send the information what I need (I have do some tests) but the bundle cannot catch them.

I have try to look in the shibbolethLister.php, in the handle() function but the code connat pass the:

"if (!$this->shibboleth->isAuthenticated($request)) { return; }"

What can I do to catch the shibboleth parameters in the $request in return from the federation web site please ?

The attributes common name, surname and given name can contain special characters (eg: ô, é, ë) but are lost when converted to a replacement character because an utf8_decode is applied.

It isn't stated anywhere if this bundle is for Shibboleth 2, or 1.x, can you clarify?

Currently shibboleth attributes are only captured from request headers so it's needed to use "ShibUseHeaders On". This is usefull when the application is behind a reverse proxy also doing the shibboleth authentication, but if not behind a reverse proxy, it's recommeded to use environment variables in stead of headers to avoid spoofing of headers.

We should add the possibility to enable use of server variables or headers.

Hello,

Thanks for your work!

I was wondering if our bundle works on Symfony3 ?
I'm trying to find a way to install it on a new project, and I have a lot of issues with the configuration.

Thank you in advance for your answer

Hello,

Is it possible to have a demo symfony project to test your bundle ?

Are you going to maintain this bundle for new symfony versions ?

Regards,

R.

The logout redirect is malformed. The route generates URL like:

Shibboleth.sso/Logout?return=%3Freturn%3Dhttps%3A%2F%2Fdme-mac-0039.med.ad10.intern.kuleuven.ac.be%2Fapp_dev.php%2F

instead of:

Shibboleth.sso/Logout?return=https%3A%2F%2Fdme-mac-0039.med.ad10.intern.kuleuven.ac.be%2Fapp_dev.php%2F

Hi ^^

I have another infinite loop probleme. Now my application can load a user register in the database. But if he is not, the application loop to shibboleth.

I'm not good with User and UserProvider mecanic so I have create a User Class in Entity Directory....

namespace Acme\HomeBundle\Entity;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\User\EquatableInterface;
/**

• Acme\HomeBundle\Entity\User
  *

• @Orm\Table(name="acme_auth_users")

• @Orm\Entity(repositoryClass="Acme\HomeBundle\Entity\UserRepository")
  /
  class User implements UserInterface
  {
  /*

  • @Orm\Column(type="integer")
  • @Orm\Id
  • @Orm\GeneratedValue(strategy="AUTO")
    */
    private $id;

  /**

  • @Orm\Column(type="string", length=25, unique=true)
    */
    private $username;

  /**

  • @Orm\Column(type="string", length=32)
    */
    private $salt;

  /**

  • @Orm\Column(type="string", length=40)
    */
    private $password;

  /**

  • @Orm\Column(type="string", length=60, unique=true)
    */
    private $email;

  /**

  • @Orm\Column(name="is_active", type="boolean")
    */
    private $isActive;

  public function __construct()
  {
  $this->isActive = true;
  $this->salt = md5(uniqid(null, true));
  }

  /**

  • @inheritdoc
    */
    public function getUsername()
    {
    return $this->username;
    }

  /**

  • @inheritdoc
    */
    public function getSalt()
    {
    return $this->salt;
    }

  /**

  • @inheritdoc
    */
    public function getPassword()
    {
    return $this->password;
    }

  /**

  • @inheritdoc
    */
    public function getRoles()
    {
    return array('ROLE_USER');
    }

  /**

  • @inheritdoc
    */
    public function eraseCredentials()
    {
    }
    public function isEqualTo(UserInterface $user)
    {
    return $this->username === $user->getUsername();
    }
    }

.....and write this in the security.yml :

providers:
shibboleth:
entity: { class: AcmeHomeBundle:AuthUser, property: username }

All work if the user is in the db... but if he is not .... loop and loop....

I think that I need to do write a 403 redirect somewhere in your bundle but I don't know where...

Can you help me please ? :'(

Hello,

Do you have any interest in creating release tags for this bundle? I load your bundle as a dependency of other bundles I've created. So, composer in my main project, for which I am not a fan of using minimum-stability=dev, gets unhappy because your bundle as a 3rd tier dependency is not stable, for example:

- ucsf-iam/shibauthbundle 0.1.5 requires kuleuven/shibboleth-bundle dev-master -> satisfiable by kuleuven/shibboleth-bundle[dev-master] but these conflict with your requirements or minimum-stability.

I can always fork and create my own tags, of course. But before I make an perfect mirror of your work, I thought'd I'd ask about tags first.

Thanks,

Jason Gabler