SSOCircle 不断重定向到同意页面 SAML2.0
SSOCircle keeps redirecting to Consent page SAML2.0
我正在使用 SSOCircle 通过 Codeigniter 测试我的 SAML 实现。当前步骤是:
- 访问website.com
- 重定向到 SSOCircle 同意页面
- 验证身份
- 将用户数据传回 website.com
然而,在第3步之后,它进入第4步并立即返回到第3步。
这是我的代码:
public function index()
{
$data['languages']= get_all_languages();
$sp_auth = 'default-sp';
try {
$auth = new SimpleSAML_Auth_Simple($sp_auth);
$auth->requireAuth(array(
'ReturnTo' => $this->data['controller'],
'KeepPost' => FALSE,
));
$attributes = $auth->getAttributes();
var_dump($attributes);
} catch (Error $e) {
print_r($e);
}
}
我认为我的重定向可能是它不断调用同意页面的原因。但是,当添加另一个 url 以使用此功能访问时
public function auth(){
$attributes = $auth->getAttributes();
var_dump($attributes);
}
我收到这个错误:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:45 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: SimpleSAML_Error_Exception: No authentication source with id 'Login/Auth' found.
Backtrace:
2 lib/SimpleSAML/Auth/Source.php:335 (SimpleSAML_Auth_Source::getById)
1 modules/saml/www/sp/saml2-acs.php:12 (require)
0 www/module.php:135 (N/A)
更新
我最近注意到 SSOCircle 实际上 returns 回到了我的登录页面。但是,它会立即将其重定向回 SSOCircle 页面。不确定这是否有帮助
更新 2
我刚刚检查了日志,我收到了这个警告
Mar 12 23:26:26 simplesamlphp WARNING [da20d4a7a3] Could not load state specified by InResponseTo: NOSTATE Processing response as unsolicited.
我被告知这是因为丢失了状态信息。但是我检查了我的 cookie 名称,它们是匹配的。我还错过了什么?
https://github.com/simplesamlphp/simplesamlphp/wiki/State-Information-Lost
更新:
后续段落假设当您修改代码以避免循环重定向时,您已确保:
Configure the authentication module:**
On unix, this can be done by running (from the SimpleSAMLphp
installation directory):
touch modules/exampleauth/enable
The next step is to create an authentication source with this module.
An authentication source is an authentication module with a specific
configuration. Each authentication source has a name, which is used to
refer to this specific configuration in the IdP configuration.
Configuration for authentication sources can be found in
config/authsources.php.
In this setup, this file should contain a single entry:
<?php
$config = array(
'example-userpass' => array(
'exampleauth:UserPass',
'student:studentpass' => array(
'uid' => array('student'),
'eduPersonAffiliation' => array('member', 'student'),
),
'employee:employeepass' => array(
'uid' => array('employee'),
'eduPersonAffiliation' => array('member', 'employee'),
),
),
);
This configuration creates two users - student and employee, with the
passwords studentpass and employeepass. The username and password is
stored in the array index (student:studentpass for the student-user.
The attributes for each user is configured in the array referenced by
the index. For the student user, these are:
array(
'uid' => array('student'),
'eduPersonAffiliation' => array('member', 'student'),
),
The attributes will be returned by the IdP when the user logs on.
Mismatch between PHP session settings for the application and SimpleSAMLphp
If both the application you are trying to add SAML 2.0 support to and
SimpleSAMLphp uses PHP session for session storage, and they don't
agree on all the parameters, you can end up with this error. By
default, SimpleSAMLphp uses the settings from php.ini, but these can
be overridden in config/config.php.
If this is the cause of your error, you have two choices:
然后由于处理 simpleSAMLphp 和 codeIgniter 之间的会话发生冲突而发生 No authentication source with id 错误。
解决方案 1:更改 SimpleSAMLphp 以使用不同的会话存储方法
解决方案是将 simpleSAMLphp 设置为使用 phpsession 以外的东西,因为 Memcached 存在问题最好的方法是将其设置为 'sql'.您在 simplesamlphp/config/config.php:
中执行此操作
/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'sql',
解决方案 2:更改会话设置以匹配应用程序和 SimpleSAMLphp:
如果您决定使会话设置匹配,则应更改 php.ini 中的设置。这是为了确保设置适用于使用默认设置的所有内容。 php.ini 中的以下选项必须与应用程序使用的设置相匹配:
- session.save_handler: This is the method that is used to store the session. The default is "files".
- session.save_path: This is the location the session files are saved. The default depends on your PHP installation.
- session.name: This is the name of the session cookie. The default is "PHPSESSID".
- session.cookie_path: The path that the session cookie is limited to. The default is "/", which means that it is available to all
pages on your domain.
- session.cookie_domain: This is the domain the session cookie is limited to. The default is unset, which makes the cookie available
only to the current domain.
请查看the docs了解更多信息
如果还是不行,作为最后的手段:try disabling varnish caching
来源:
https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin/issues/7
https://www.drupal.org/project/simplesamlphp_auth
我正在使用 SSOCircle 通过 Codeigniter 测试我的 SAML 实现。当前步骤是:
- 访问website.com
- 重定向到 SSOCircle 同意页面
- 验证身份
- 将用户数据传回 website.com
然而,在第3步之后,它进入第4步并立即返回到第3步。
这是我的代码:
public function index()
{
$data['languages']= get_all_languages();
$sp_auth = 'default-sp';
try {
$auth = new SimpleSAML_Auth_Simple($sp_auth);
$auth->requireAuth(array(
'ReturnTo' => $this->data['controller'],
'KeepPost' => FALSE,
));
$attributes = $auth->getAttributes();
var_dump($attributes);
} catch (Error $e) {
print_r($e);
}
}
我认为我的重定向可能是它不断调用同意页面的原因。但是,当添加另一个 url 以使用此功能访问时
public function auth(){
$attributes = $auth->getAttributes();
var_dump($attributes);
}
我收到这个错误:
SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
1 www/_include.php:45 (SimpleSAML_exception_handler)
0 [builtin] (N/A)
Caused by: SimpleSAML_Error_Exception: No authentication source with id 'Login/Auth' found.
Backtrace:
2 lib/SimpleSAML/Auth/Source.php:335 (SimpleSAML_Auth_Source::getById)
1 modules/saml/www/sp/saml2-acs.php:12 (require)
0 www/module.php:135 (N/A)
更新
我最近注意到 SSOCircle 实际上 returns 回到了我的登录页面。但是,它会立即将其重定向回 SSOCircle 页面。不确定这是否有帮助
更新 2
我刚刚检查了日志,我收到了这个警告
Mar 12 23:26:26 simplesamlphp WARNING [da20d4a7a3] Could not load state specified by InResponseTo: NOSTATE Processing response as unsolicited.
我被告知这是因为丢失了状态信息。但是我检查了我的 cookie 名称,它们是匹配的。我还错过了什么?
https://github.com/simplesamlphp/simplesamlphp/wiki/State-Information-Lost
更新: 后续段落假设当您修改代码以避免循环重定向时,您已确保:
Configure the authentication module:**
On unix, this can be done by running (from the SimpleSAMLphp installation directory):
touch modules/exampleauth/enableThe next step is to create an authentication source with this module. An authentication source is an authentication module with a specific configuration. Each authentication source has a name, which is used to refer to this specific configuration in the IdP configuration. Configuration for authentication sources can be found in config/authsources.php.
In this setup, this file should contain a single entry:
<?php $config = array( 'example-userpass' => array( 'exampleauth:UserPass', 'student:studentpass' => array( 'uid' => array('student'), 'eduPersonAffiliation' => array('member', 'student'), ), 'employee:employeepass' => array( 'uid' => array('employee'), 'eduPersonAffiliation' => array('member', 'employee'), ), ), );This configuration creates two users - student and employee, with the passwords studentpass and employeepass. The username and password is stored in the array index (student:studentpass for the student-user. The attributes for each user is configured in the array referenced by the index. For the student user, these are:
array( 'uid' => array('student'), 'eduPersonAffiliation' => array('member', 'student'), ),The attributes will be returned by the IdP when the user logs on.
Mismatch between PHP session settings for the application and SimpleSAMLphp
If both the application you are trying to add SAML 2.0 support to and SimpleSAMLphp uses PHP session for session storage, and they don't agree on all the parameters, you can end up with this error. By default, SimpleSAMLphp uses the settings from php.ini, but these can be overridden in config/config.php.
If this is the cause of your error, you have two choices:
然后由于处理 simpleSAMLphp 和 codeIgniter 之间的会话发生冲突而发生 No authentication source with id 错误。
解决方案 1:更改 SimpleSAMLphp 以使用不同的会话存储方法
解决方案是将 simpleSAMLphp 设置为使用 phpsession 以外的东西,因为 Memcached 存在问题最好的方法是将其设置为 'sql'.您在 simplesamlphp/config/config.php:
中执行此操作/*
* Configure the datastore for simpleSAMLphp.
*
* - 'phpsession': Limited datastore, which uses the PHP session.
* - 'memcache': Key-value datastore, based on memcache.
* - 'sql': SQL datastore, using PDO.
*
* The default datastore is 'phpsession'.
*
* (This option replaces the old 'session.handler'-option.)
*/
'store.type' => 'sql',
解决方案 2:更改会话设置以匹配应用程序和 SimpleSAMLphp:
如果您决定使会话设置匹配,则应更改 php.ini 中的设置。这是为了确保设置适用于使用默认设置的所有内容。 php.ini 中的以下选项必须与应用程序使用的设置相匹配:
- session.save_handler: This is the method that is used to store the session. The default is "files".
- session.save_path: This is the location the session files are saved. The default depends on your PHP installation.
- session.name: This is the name of the session cookie. The default is "PHPSESSID".
- session.cookie_path: The path that the session cookie is limited to. The default is "/", which means that it is available to all pages on your domain.
- session.cookie_domain: This is the domain the session cookie is limited to. The default is unset, which makes the cookie available
only to the current domain.
请查看the docs了解更多信息
如果还是不行,作为最后的手段:try disabling varnish caching
来源:
https://github.com/zl4bv/CakePHP-simpleSAMLphp-Plugin/issues/7
https://www.drupal.org/project/simplesamlphp_auth