besimple / besimplessoauthbundle
NOT MAINTAINED - SSO authentication providers (Cas for now) for Symfony2
According to the documentation:
login_path: path to redirect to when login needed.
It seems that it is actually not used by the bundle...
At least, setting it doesn't produce any effect.
Here is a sample of my app/config/security.yml (in case I just didn't get it):
security:
    #...
    firewalls:
        #...
        secured_area:
            switch_user: true
            anonymous: ~
            pattern: ^/
            form_login:
                login_path: extranet_login
                check_path: extranet_security_check
            logout:
                path: extranet_logout
                target: extranet_login
            http_basic:
                realm: "Espace Prive"
            trusted_sso:
                manager: my_cas
                login_path: /login
                check_path: /login_check
                login_action: ExtranetBundle:Default:login
                logout_action: ExtranetBundle:Default:logout
                create_users: false
                created_users_roles: [ROLE_USER]
Can someone enlighten this out please?
Hello,
I have a new problem. I can't logout. If I try on my app.php, it redirects me to ..../app.php/login_check and says :
Oops! An Error Occurred
The server returned a "404 Not Found".
Something is broken. Please e-mail us at [email] and let us know what you were doing when this error occurred. We will fix it as soon as possible. Sorry for any inconvenience caused.
If I try on my app_dev.php, it redirects me to ..../app_dev.php/login_check and says :
Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?
I don't understand, my login check is working because I can connect to my app and see my website.
Hi and excuse my english,
I'm trying to make a ternary relationship management Roles.
In my example I have 3 entities User, Role, and Lab.
I would like to have roles for a user based on lab in which is (we manage this by environment), I created a Profile entity with keys User and Lab. To this I added a relationship ManyToMany for Roles.
My problem comes when I redefined the method loadUserByUsername:
Once connected there is a difference in Roles between Token and Session.
What seems weird, if I switch on my own account I get well good Roles ...
So I implemented EquatableInterface to compare the Token and Session, it is the difference in Roles so it makes a refreshUser, and this is why I get this error in title.
Here is the code and thank you for your help
User.php
roles = array(); // } //========================================================================== // PROPERTIES //========================================================================== /_* - @Orm\Column(type="integer") - @Orm\Id - @Orm\GeneratedValue(strategy="AUTO") */ private $id; /** - @Orm\Column(type="string", length=255, unique=true) */ private $login; /** - @Orm\Column(type="string", length=45, unique=true) */ private $firstName; /** - @Orm\Column(type="string", length=45, unique=true) */ private $lastName; private $roles; //========================================================================== // GETTERS / SETTERS //========================================================================== /** - Get id * - @return integer */ public function getId() { return $this->id; } /** - Get login * - @return string */ public function getLogin() { return $this->login; } /** - Set login * - @param string $login - @return User */ public function setLogin($login) { $this->login = $login; return $this; } /** - Get firstName * - @return string */ public function getFirstName() { return $this->firstName; } /** - Set firstName * - @param string $firstName - @return User */ public function setFirstName($firstName) { $this->firstName = $firstName; return $this; } /** - Get lastName * - @return string */ public function getLastName() { return $this->lastName; } /** - Set lastName * - @param string $lastName - @return User */ public function setLastName($lastName) { $this->lastName = $lastName; return $this; } /** - Add roles * - @param \Uda\CoreBundle\Entity\Role $roles - @return User */ public function addRole(\Uda\CoreBundle\Entity\Role $roles) { $this->roles[] = $roles; return $this; } /** - Remove roles * - @param \Uda\CoreBundle\Entity\Role $roles _/ public function removeRole(\Uda\CoreBundle\Entity\Role $roles) { $this->roles->removeElement($roles); } /_* - Get roles * */ public function getRoles() { return is_array($this->roles) ? 
$this->roles : array('ROLE_USER'); } /** - Set roles * - @param string $roles */ public function setRoles($roles) { $this->roles = array(); if (is_array($roles)) $this->roles = $roles; return $this; } //========================================================================== // IMPLEMENTS //========================================================================== public function getUsername() { // seul lien pour symfony pour récupérer l'identifiant utilisateur return $this->login; } public function getSalt() { } public function getPassword() { } public function eraseCredentials(){ return true; } public function isAccountNonExpired() { return true; } public function isAccountNonLocked() { return true; } public function isCredentialsNonExpired() { return true; } public function isEnabled() { return true; } public function serialize() {return \serialize( array($this->id, $this->login) ); } public function unserialize($serialized) { list($this->id, $this->login) = \unserialize( $serialized ); } public function isEqualTo(UserInterface $user) { if ($user instanceof User) { $isEqual = count($this->getRoles()) == count($user->getRoles()); if ($isEqual) { foreach($this->getRoles() as $role) { $isEqual = $isEqual && in_array($role, $user->getRoles()); } } return $isEqual; } ``` return false; ``` } //========================================================================== // METHODS //========================================================================== } UserRepository.php getEntityManager() ->createQueryBuilder() ->select('p') ->from('UdaCoreBundle:Profile', 'p') ->innerJoin('p.user', 'u') ->innerJoin('p.lab', 'l') ->where('u.login = :login') ->andWhere('l.id = :lab_id') ->setParameter('login', $login) ->setParameter('lab_id', '1') ->getQuery(); try { // The Query::getSingleResult() method throws an exception // if there is no record matching the criteria. 
$profile = $q->getSingleResult(); $user = $profile->getUser(); $roles = array(); foreach ( $profile->getRoles() as $role ) { $roles[] = $role->getRole(); } $user->setRoles($roles); } catch (NoResultException $e) { throw new UsernameNotFoundException(sprintf('Unable to find an active admin UdaCoreBundle:User object identified by "%s".', $login), null, 0, $e); } return $user; } public function refreshUser(UserInterface $user) { return $this->loadUserByUsername($user->getUsername()); } public function supportsClass($class) { return true; } ``` } Role.php profiles = new ArrayCollection(); } //========================================================================== // PROPERTIES //========================================================================== /** - @var integer $id * - @Orm\Column(type="integer") - @Orm\Id - @Orm\GeneratedValue(strategy="AUTO") */ private $id; /** - @var string $role * - @Orm\Column(name="role", type="string", length=20, unique=true) */ private $role; /** - @var string $label * - @Orm\Column(name="label", type="string", length=45) */ private $label; /** - Profiles - - @var ArrayCollection - - @Orm\ManyToMany(targetEntity="Profile", mappedBy="roles") */ private $profiles; //========================================================================== // GETTERS / SETTERS //========================================================================== /** - Get id * - @return integer */ public function getId() { return $this->id; } /** - Get role // IMPLEMENTS * - @return string _/ public function getRole() { return $this->role; } /_* - Set role * - @param string $role - @return Role */ public function setRole($role) { $this->role = $role; return $this; } /** - Get label * - @return string _/ public function getLabel() { return $this->label; } /_* - Set label * - @param string $label */ public function setLabel($label) { $this->label = $label; } /** - Get profiless * - @return \Doctrine\Common\Collections\Collection */ public function getProfiles() 
{ return $this->profiles; } /** - Add profiles * - @param \Uda\CoreBundle\Entity\Profile $profiles - @return Role */ public function addProfile(\Uda\CoreBundle\Entity\Profile $profiles) { $this->profiles[] = $profiles; return $this; } /** - Remove profiles * - @param \Uda\CoreBundle\Entity\Profile $profiles */ public function removeProfile(\Uda\CoreBundle\Entity\Profile $profiles) { $this->profiles->removeElement($profiles); } //========================================================================== // IMPLEMENTS //========================================================================== public function __toString() { return $this->getName(); } //========================================================================== // METHODS //========================================================================== } Lab.php id; } /** - Get graalId * - @return integer _/ public function getGraalId() { return $this->graalId; } /_* - Set graalId * - @param string $graalId */ public function setGraalId($graalId) { $this->graalId = $graalId; } /** - Get code * - @return string _/ public function getCode() { return $this->code; } /_* - Set code * - @param string $code */ public function setCode($code) { $this->code = $code; } /** - Get label * - @return string _/ public function getLabel() { return $this->label; } /_* - Set label * - @param string $label */ public function setLabel($label) { $this->label = $label; } //========================================================================== // METHODS //========================================================================== /** - Add users * - @param \Uda\CoreBundle\Entity\User $users - @return Role */ public function addUser(\Uda\CoreBundle\Entity\User $users) { $this->users[] = $users; return $this; } /** - Remove users * - @param \Uda\CoreBundle\Entity\User $users */ public function removeUser(\Uda\CoreBundle\Entity\User $users) { $this->users->removeElement($users); } /** - Get users * - @return 
\Doctrine\Common\Collections\Collection */ public function getUsers() { return $this->users; } }
Hello
There is a bug with multiple providers in security.yml.
Ex:
1 provider for frontend
1 provider for backend
1 firewall for frontend
1 firewall for backend
The validation ticket is always executed with the first declaration in security.yml.
Hello,
new issue again, how can we get user information from the CAS ? Like id, cn, mail, etc ?? The goal is to add new users imported from the server.
Sorry, but I'm not sure of this. I guess that this line in BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider.php is wrong:
71: $token->setAttributes($token->getAttributes());
should be:
71: $token->setAttributes($validation->getAttributes());
The problem is that I'm trying to get the attributes from CAS and I don't know how. Reading the code to learn how do it, I found this line. It called my attention because you're setting from the same getting variable.
Please, can you add a composer.json file and add the package to packagist site? Thanks in advance.
Actually there is no way to get the attributes from the CAS Server (or any future SSO system).
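For reference on the attribute questions above, this is what reading the user and attributes out of a CAS `serviceValidate` response involves. It is an added example, not the bundle's code: `parseCasValidation()` is a hypothetical name, the sample responses are constructed, and the `<cas:attributes>` element is assumed to be present (it is a server-side extension, not part of the CAS 2.0 response).

```php
<?php
// Added example: hypothetical helper, not part of BeSimpleSsoAuthBundle.

const CAS_NS = 'http://www.yale.edu/tp/cas';

/**
 * Parse a CAS serviceValidate response.
 * Returns ['success' => bool, 'user' => ?string, 'attributes' => array, 'error' => ?string].
 */
function parseCasValidation(string $xml): array
{
    $result = ['success' => false, 'user' => null, 'attributes' => [], 'error' => null];

    if (trim($xml) === '') {
        $result['error'] = 'empty response';
        return $result;
    }
    // The response arrives over the network: refuse any DTD so it cannot declare entities.
    if (stripos($xml, '<!DOCTYPE') !== false) {
        $result['error'] = 'DOCTYPE not allowed';
        return $result;
    }

    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    $loaded = $doc->loadXML($xml, LIBXML_NONET);   // no network access while parsing
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        $result['error'] = 'malformed XML';
        return $result;
    }

    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('cas', CAS_NS);

    // A failure response must never yield a user name.
    $failure = $xpath->query('/cas:serviceResponse/cas:authenticationFailure')->item(0);
    if ($failure !== null) {
        $result['error'] = $failure->getAttribute('code') . ': ' . trim($failure->textContent);
        return $result;
    }

    $user = $xpath->query('/cas:serviceResponse/cas:authenticationSuccess/cas:user')->item(0);
    if ($user === null || trim($user->textContent) === '') {
        $result['error'] = 'no authenticationSuccess/user element';
        return $result;
    }
    $result['success'] = true;
    $result['user'] = trim($user->textContent);

    // Attributes can repeat (several values for one name), so each name maps to a list.
    $nodes = $xpath->query('/cas:serviceResponse/cas:authenticationSuccess/cas:attributes/*');
    foreach ($nodes as $node) {
        $result['attributes'][$node->localName][] = trim($node->textContent);
    }
    return $result;
}

// Constructed sample responses.
$success = <<<'XML'
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:mail>jdoe@example.org</cas:mail>
      <cas:cn>John Doe</cas:cn>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
XML;

$failure = <<<'XML'
<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-constructed-0001 not recognized</cas:authenticationFailure>
</cas:serviceResponse>
XML;

echo json_encode(parseCasValidation($success)), PHP_EOL;
echo json_encode(parseCasValidation($failure)), PHP_EOL;
```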
I am developing an application in Symfony to manage multiple schools. The application has multiple databases, one for each school, and multiple CAS servers.
If I only manage a school, the configuration would be like this:
# config.yml
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://cas01.XXX.com/SCHOOLID/login
            logout_url: https://cas01.XXX.com/SCHOOL_ID/logout
            validation_url: https://cas01.XXX.com/SCHOOL_ID/serviceValidate
# security.yml
firewalls:
    school:
        pattern: ^/school/.*$
        trusted_sso:
            manager: admin_sso
            login_action: false
            logout_action: false
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /school/login
            check_path: /school/login_check
        logout:
            path: /school/logout
            target: /school
With one school everything works fine.
Each school accesses the application through the path app.com/school/ID, for example app.com/school/29, app.com/school/54...
I wonder if there is way to have multiple dynamic firewall depending on the ID. And use this ID to redirect each CAS URL:
https://cas01.XXX.com/school_29/login, https://cas01.XXX.com/school_54/login ...
I created a new file: app/config/cas.php, and I've added some CAS servers settings
# CAS 14
$container->loadFromExtension('be_simple_sso_auth', array(
    'cas_14' => array(
        'protocol' => array(
            'id' => 'cas',
            'version' => '2'
        ),
        'server' => array(
            'id' => 'cas',
            'login_url' => 'https://cas01.XXX.com/14/login',
            'logout_url' => 'https://cas01.XXX.com/14/logout',
            'validation_url' => 'https://cas01.XXX.com/14/serviceValidate',
        ),
    ),
));
# CAS 15
$container->loadFromExtension('be_simple_sso_auth', array(
    'cas_15' => array(
        'protocol' => array(
            'id' => 'cas',
            'version' => '2'
        ),
        'server' => array(
            'id' => 'cas',
            'login_url' => 'https://cas01.XXX.com/15/login',
            'logout_url' => 'https://cas01.XXX.com/15/logout',
            'validation_url' => 'https://cas01.XXX.com/15/serviceValidate',
        ),
    ),
));
And I import this file in config.yml
imports:
    - { resource: parameters.yml }
    - { resource: cas.php }
    - { resource: security.yml }
And I add a new firewall for each school:
firewalls:
    backend_14:
        pattern: ^/backend/school/14/.*$
        trusted_sso:
            manager: cas_14
            login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /backend/school/14/login
            check_path: /backend/school/14/login_check
        logout:
            path: /backend/school/logout
            target: /backend
    backend_15:
        pattern: ^/backend/school/15/.*$
        trusted_sso:
            manager: cas_15
            login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
            create_users: true
            created_users_roles: [ROLE_USER, ROLE_ADMIN]
            login_path: /backend/school/15/login
            check_path: /backend/school/15/login_check
        logout:
            path: /backend/school/logout
            target: /backend
And all goes right!
Now I'm trying to generate all the cas.php configuration dynamically from the Entity School. First I try creating a method in SchoolController
public function loadCasConfig()
{
    $em = $this->getDoctrine()->getManager();
    $schools = $em->getRepository('SchoolBundle:School')
        ->findBy(array(), array('name' => 'ASC'));
    foreach ($schools as $school) {
        $cas_name = 'cas_'.$school->getId();
        $container->loadFromExtension('be_simple_sso_auth', array(
            "$cas_name" => array(
                'protocol' => array(
                    'id' => 'cas',
                    'version' => '2'
                ),
                'server' => array(
                    'id' => 'cas',
                    // braces are needed for a method call inside a double-quoted string
                    'login_url' => "https://cas01.XXX.com/{$school->getId()}/login",
                    'logout_url' => "https://cas01.XXX.com/{$school->getId()}/logout",
                    'validation_url' => "https://cas01.XXX.com/{$school->getId()}/serviceValidate",
                ),
            ),
        ));
    }
}
and call it on cas.php file
<?php
use Comp\BackendBundle\Controller\SchoolController;
SchoolController::loadCasConfig();
but i have this Exception:
FileLoaderLoadException: Cannot import resource
"C:\wamp\www\comp\app/config\cas.php" from
"C:\wamp\www\comp\app/config\config.yml". (Runtime Notice: Non-static method
Comp\BackendBundle\Controller\SchoolController::loadCasConfig() should not be
called statically, assuming $this from incompatible context in C:\wamp\www\comp\app\config\cas.php line 5)
:(. Then I try to insert the method code in the cas.php file:
use Doctrine\ORM\EntityManager;
use Comp\SchoolBundle\Entity\School;
$em = $this->getDoctrine()->getManager();
$schools = $em->getRepository('SchoolBundle:School')
    ->findBy(array(), array('name' => 'ASC'));
foreach ($schools as $school) {
    $cas_name = 'cas_'.$school->getId();
    $container->loadFromExtension('be_simple_sso_auth', array(
        "$cas_name" => array(
            'protocol' => array(
                'id' => 'cas',
                'version' => '2'
            ),
            'server' => array(
                'id' => 'cas',
                // braces are needed for a method call inside a double-quoted string
                'login_url' => "https://cas01.XXX.com/{$school->getId()}/login",
                'logout_url' => "https://cas01.XXX.com/{$school->getId()}/logout",
                'validation_url' => "https://cas01.XXX.com/{$school->getId()}/serviceValidate",
            ),
        ),
    ));
}
and now I have:
FatalErrorException: Error: Call to undefined method
Symfony\Component\DependencyInjection\Loader\PhpFileLoader::getDoctrine() in
C:\wamp\www\comp\app\config\cas.php line 11
I'd like to know how I can dynamically generate the file cas.php, getting data from the database.
Hi,
I've been working 2 days to get this bundle working but still it doesn't authenticate me.
First off I had to rename all the namespaces in /Sso since all the classes don't have the Sso prefix.
This caused a lot of "class not found" and "method not found" errors.
Now I have no errors but after authentication it seems like nothing is done with the returned token.
I just keep getting the external login url because I'm not an authenticated user.
When I set the login_action to false so it redirects immediately it will cause an infinite loop since I am authenticated on the CAS server. So the server will keep sending the token and the Bundle will keep redirecting to the login.
So I was wondering if this bundle is actually ready for use yet or still in initial development.
Kind Regards,
Christian Vermeulen
Hello,
I'm a newbie with Symfony 2 and I'm currently trying to use the ssoauth bundle. I have a few problems: first, when I try to go to one of my webpages, a box tells me:
"An error occurred while loading the web debug toolbar (500: Internal Server Error).
Do you want to open the profiler?"
If I click on the Cancel button, the box disappears. Then every webpage is replaced with this text:
"You need to authenticate
A Token was not found in the SecurityContext.
Follow this link to authenticate with external server : https://xxx.fr/xxx-cas-server/login?service=xxxx"
I click on the link, I log in, but then Symfony goes to app_dev/login_check which is a totally blank page.
What should I do to not see the error box again? And why doesn't it redirect me to the webpage I asked for first instead of a blank page?
Here is my config :
security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        in_memory:
            memory:
                users:
                    user: { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
    firewalls:
        my_firewall:
            trusted_sso:
                manager: admin_sso
                login_action: BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: BeSimpleSsoAuthBundle:TrustedSso:logout
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]
    access_control:
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
blogger_blog:
    resource: "@BloggerBlogBundle/Resources/config/routing.yml"
    prefix: /
login:
    pattern: /login
logout:
    pattern: /logout
login_check:
    pattern: /login_check
imports:
    - { resource: parameters.yml }
    - { resource: security.yml }
framework:
    #esi: ~
    #translator: { fallback: "%locale%" }
    secret: "%secret%"
    router:
        resource: "%kernel.root_dir%/config/routing.yml"
        strict_requirements: ~
    form: ~
    csrf_protection: ~
    validation: { enable_annotations: true }
    templating:
        engines: ['twig']
        #assets_version: SomeVersionScheme
    default_locale: "%locale%"
    trusted_hosts: ~
    trusted_proxies: ~
    session:
        # handler_id set to null will use default session handler from php.ini
        handler_id: ~
    fragments: ~
    http_method_override: true
twig:
    debug: "%kernel.debug%"
    strict_variables: "%kernel.debug%"
assetic:
    debug: "%kernel.debug%"
    use_controller: false
    bundles: [ ]
    #java: /usr/bin/java
    filters:
        cssrewrite: ~
        #closure:
        #    jar: "%kernel.root_dir%/Resources/java/compiler.jar"
        #yui_css:
        #    jar: "%kernel.root_dir%/Resources/java/yuicompressor-2.4.7.jar"
doctrine:
    dbal:
        driver: "%database_driver%"
        host: "%database_host%"
        port: "%database_port%"
        dbname: "%database_name%"
        user: "%database_user%"
        password: "%database_password%"
        charset: UTF8
        # if using pdo_sqlite as your database driver, add the path in parameters.yml
        # e.g. database_path: "%kernel.root_dir%/data/data.db3"
        # path: "%database_path%"
    orm:
        auto_generate_proxy_classes: "%kernel.debug%"
        auto_mapping: true
swiftmailer:
    transport: "%mailer_transport%"
    host: "%mailer_host%"
    username: "%mailer_user%"
    password: "%mailer_password%"
    spool: { type: memory }
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: https://xxx.fr/xxxx-cas-server/login
            logout_url: https://xxx.fr/xxx-cas-server/logout
            validation_url: https://xxxx.fr/xx-cas-server/serviceValidate
Thank you.
Hi,
I need to enable an user on CAS authentication.
I've put my code in :
BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider.php
it is the best way ?
thanks.
Hello,
I do not have a user table in my project and the authentication is simply done with the CAS server. I used a user provider which implements the UserFactoryInterface to run the create_user function.
So, first of all, is it the best way to authenticate a user without a user provider like a user table?
If it is, then I return in the loaduserbyusername function a usernameNotFoundException to run the create_user function. In this function I create and return a user entity but it does not work. The create_user is running but I can't authenticate.
Thanks your help.
William.
Hi,
The validation of the CAS ticket works correctly if the module php-curl is installed.
If php-curl is not installed, the system uses the file_get_contents() function, but this generates an exception and a 500 HTTP error code.
Exception text:
"file_get_contents(https://cas.XXXXXX.YY/serviceValidate?service=http%3A%2F%2F127.0.0.1%2Fapp_dev.php%2Fprofil%2Flogin_check&ticket=ST-ZZZZZZZZZZZZZZZZZZZZZZ): failed to open stream: operation failed"
The problem is due to the replacement of the "&" character in the URL by its HTML entity version (&amp;).
Best regards.
David.
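One common way an `&amp;` ends up in a PHP-built URL is `http_build_query()` picking up a non-default `arg_separator.output`; the page does not say where the bundle introduces it, so that cause is an assumption here. The following is an added example, not the bundle's code, with a hypothetical `buildValidationUrl()` helper and constructed URLs, showing the broken URL next to one built with an explicit separator.

```php
<?php
// Added example: hypothetical helpers, not part of BeSimpleSsoAuthBundle.

/** Build the serviceValidate URL with a literal "&", whatever php.ini says. */
function buildValidationUrl(string $validationUrl, string $service, string $ticket): string
{
    $query = http_build_query(
        ['service' => $service, 'ticket' => $ticket],
        '',
        '&',                 // explicit separator: never inherit arg_separator.output
        PHP_QUERY_RFC3986
    );
    $glue = strpos($validationUrl, '?') === false ? '?' : '&';
    $url = $validationUrl . $glue . $query;

    // Fail early instead of sending a request the CAS server cannot interpret.
    if (strpos($url, '&amp;') !== false) {
        throw new UnexpectedValueException('HTML entity found in validation URL');
    }
    return $url;
}

/** The query parameters a server would read from the URL. */
function queryParameters(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Constructed values.
$base    = 'https://cas.example.org/serviceValidate';
$service = 'http://127.0.0.1/app_dev.php/profil/login_check';
$ticket  = 'ST-constructed-0001';

// Simulate a php.ini that sets the HTML-safe separator for generated URLs.
ini_set('arg_separator.output', '&amp;');

$broken = $base . '?' . http_build_query(['service' => $service, 'ticket' => $ticket]);
$fixed  = buildValidationUrl($base, $service, $ticket);

foreach (['default separator' => $broken, 'explicit separator' => $fixed] as $label => $url) {
    $hasTicket = isset(queryParameters($url)['ticket']);
    echo $label, ': ', $url, PHP_EOL;
    echo '  server sees a ticket parameter: ', $hasTicket ? 'yes' : 'no', PHP_EOL;
}
```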
Is there any plan to support Symfony 2.3 ?
Hi,
I seem to have gotten it working (at least for the authentication part). I am able to see my username in the debug toolbar, however I am still at a loss of how I can use the other attributes that are provided by CAS such as email, id, address, etc.
Thanks!
Hello,
Do we have to write the loginAction() function expected by /login_check path
or is there a function already write for this job in the bundle ?
Thanks,
Benoît
I get this from my apache log after I returned from the CAS validation:
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/login.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check HTTP/1.1" 302 723
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/serviceValidate.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check&ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 200 276
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /simplesaml/module.php/casserver/serviceValidate.php?service=http%3A%2F%2Flocalhost%2F%7Esergio%2Fconsigna%2Fweb%2Fapp_dev.php%2Flogin_check&ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 200 276
::1 - - [15/Jan/2012:10:27:26 +0100] "GET /~sergio/consigna/web/app_dev.php/login_check?ticket=ST-607b07a3fb5c1aa87a2af35e64a19f46837078611f HTTP/1.1" 302 565
The bundle is asking to the service Validation two times and this is a problem for me because the CAS server removes the ticket after the first access. Anyway, I guess this should not happen.
The first time is in SsoAuthBundle/Security/Http/Firewall/TrustedSsoAuthenticationListener.php and the second is in SsoAuthBundle/Security/Core/Authentication/Token/SsoToken.php
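CAS service tickets are single-use, so a second `serviceValidate` call for the same ticket is worth flagging in the CAS server's access log, whether it comes from a client bug like the one reported above or from a replayed ticket. The following is an added example, not part of the bundle: `findRevalidatedTickets()` is a hypothetical name and the log lines are constructed in the format shown in the post.

```php
<?php
// Added example: hypothetical helper; the log lines below are constructed.

/**
 * Scan access-log lines and return the tickets that were submitted to
 * serviceValidate more than once, with the HTTP status of each attempt.
 *
 * @param string[] $lines
 * @return array<string, int[]> ticket => list of response status codes
 */
function findRevalidatedTickets(array $lines): array
{
    $attempts = [];
    foreach ($lines as $line) {
        // Request line and status, e.g. "GET /path?query HTTP/1.1" 200
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP\/[\d.]+" (\d{3})/', $line, $m)) {
            continue;
        }
        $path  = parse_url($m[1], PHP_URL_PATH);
        $query = parse_url($m[1], PHP_URL_QUERY);
        if (!is_string($path) || !is_string($query)) {
            continue;
        }
        // Only the validation endpoint counts; the ticket also appears on
        // the application's own login_check URL, which is expected.
        if (!preg_match('#/serviceValidate(?:\.php)?$#', $path)) {
            continue;
        }
        parse_str($query, $params);
        if (!isset($params['ticket']) || !is_string($params['ticket'])) {
            continue;
        }
        $attempts[$params['ticket']][] = (int) $m[2];
    }
    return array_filter($attempts, function (array $statuses) {
        return count($statuses) > 1;
    });
}

// Constructed sample log.
$service = 'service=http%3A%2F%2Flocalhost%2Fapp_dev.php%2Flogin_check';
$log = [
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/login?' . $service . ' HTTP/1.1" 302 723',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/serviceValidate?' . $service . '&ticket=ST-constructed-0001 HTTP/1.1" 200 276',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /cas/serviceValidate?' . $service . '&ticket=ST-constructed-0001 HTTP/1.1" 200 276',
    '::1 - - [15/Jan/2012:10:27:26 +0100] "GET /app_dev.php/login_check?ticket=ST-constructed-0001 HTTP/1.1" 302 565',
    '::1 - - [15/Jan/2012:10:31:02 +0100] "GET /cas/serviceValidate?' . $service . '&ticket=ST-constructed-0002 HTTP/1.1" 200 276',
];

foreach (findRevalidatedTickets($log) as $ticket => $statuses) {
    printf("%s validated %d times (statuses: %s)\n", $ticket, count($statuses), implode(', ', $statuses));
}
```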
Hello,
I'm trying BeSimpleSsoAuthBundle but I have this error :
"Class 'Buzz\Client\Client' not found"
I installed Buzz library, I don't find the client class, I found clientInterface and abstract Client.
Thanks for your help.
Hello,
I'm not absolutely sure this is related to BeSimpleSsoAuthBundle, but I suspect it is :
In my twig template, I call this in the footer :
{% if is_granted('ROLE_ALLOWED_TO_SWITCH') %}
some text
{% endif %}
I have 2 firewalls :
The call to is_granted works well when accessing a page controlled by FosUserBundle's firewall. But when trying on the other firewall, I get this error :
Fatal error: Maximum function nesting level of '500' reached, aborting!
And in symfony's dev.log file, I get a lot of these :
[2012-03-09 11:07:46] security.INFO: Authentication exception occurred; redirecting to authentication entry point (The security context contains no authentication token. One possible reason may be that there is no firewall configured for this URL.) [] []
[2012-03-09 11:07:46] security.DEBUG: Calling Authentication entry point [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener::onEarlyKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\SessionListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Component\Security\Http\Firewall::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\FrameworkBundle\EventListener\RouterListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.request" to listener "Symfony\Bundle\AsseticBundle\EventListener\RequestListener::onKernelRequest". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Symfony\Bundle\FrameworkBundle\DataCollector\RequestDataCollector::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ControllerListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\ParamConverterListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "Sensio\Bundle\FrameworkExtraBundle\EventListener\TemplateListener::onKernelController". [] []
[2012-03-09 11:07:46] event.DEBUG: Notified event "kernel.controller" to listener "JMS\SecurityExtraBundle\Controller\ControllerListener::onCoreController". [] []
Do you think it's a problem with BeSimpleSsoAuthBundle ?
And do you have any idea about how to deal with that ?
Thanks in advance
Regards
Hi everybody!
I'm new in symfony and wanted to configure sso authentication.
I use the example given in the bundle. Everything work fine. But i don't know how to configure the CAS server part, because the urls https://cas.server.tld/login, https://cas.server.tld/logout, https://cas.server.tld/serviceValidate don't work.
Please how to configure the CAS server? What are the steps?
Thks
Hi,
This bundle forces the SSLv3 option on cURL. With the POODLE attack, more and more servers are disabling SSLv3, which means this will start generating connection errors.
What's the reasoning behind forcing SSLv3? If we're forcing protocols, shouldn't we be forcing TLSv1 (constant 1)?
Hello,
I've tried to use this bundle to authenticate against this cas server : https://sso.paris.iufm.fr
And I've got this problem :
SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I don't see what is wrong with this certificate. Maybe curls database doesn't know TERENA certificates ?
Temporary solution : edit Curl.php in buzz library, and add line 143 :
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
It would be useful to be able to configure that via an option.
Regards
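The forced SSLv3 setting raised in the previous post and the `CURLOPT_SSL_VERIFYPEER` workaround above both weaken the TLS connection that carries ticket validation. The following is an added example, not code from the bundle or from Buzz: the function names and the optional CA bundle path are assumptions. It builds a cURL option set that keeps verification on and checks an option array for the two settings this page describes; trusting an additional CA through `CURLOPT_CAINFO` is the alternative to switching verification off.

```php
<?php
// Added example: hypothetical helpers, not part of BeSimpleSsoAuthBundle or Buzz.
// Requires ext-curl for the constants; no request is sent.

/** cURL options for the HTTPS request that validates a CAS ticket. */
function casCurlOptions(?string $caBundle = null): array
{
    $options = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,                     // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,                        // verify the host name in the certificate
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,  // no SSLv3
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_TIMEOUT        => 10,
    ];
    if ($caBundle !== null) {
        // Add the missing CA (for example an institutional chain) instead of
        // disabling verification.
        if (!is_readable($caBundle)) {
            throw new InvalidArgumentException("CA bundle not readable: $caBundle");
        }
        $options[CURLOPT_CAINFO] = $caBundle;
    }
    return $options;
}

/**
 * Report settings that weaken the connection to the CAS server.
 *
 * @return string[] findings, empty when nothing is wrong
 */
function auditCurlOptions(array $options): array
{
    $findings = [];
    if (!($options[CURLOPT_SSL_VERIFYPEER] ?? true)) {
        $findings[] = 'certificate verification is disabled';
    }
    if (($options[CURLOPT_SSL_VERIFYHOST] ?? 2) !== 2) {
        $findings[] = 'host name verification is not strict';
    }
    $version = $options[CURLOPT_SSLVERSION] ?? CURL_SSLVERSION_DEFAULT;
    if (in_array($version, [CURL_SSLVERSION_SSLv2, CURL_SSLVERSION_SSLv3], true)) {
        $findings[] = 'an obsolete SSL version is forced';
    }
    return $findings;
}

// The two settings described on this page, next to the option set above.
$asDescribed = [
    CURLOPT_SSLVERSION     => CURL_SSLVERSION_SSLv3,
    CURLOPT_SSL_VERIFYPEER => false,
];

foreach (['as described' => $asDescribed, 'hardened' => casCurlOptions()] as $label => $options) {
    $findings = auditCurlOptions($options);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'no findings', PHP_EOL;
}
```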
Hello,
I'm trying to make this bundle work with SF 2.1, but can't. my configuration is something like this
security:
    firewalls:
        secured:
            pattern: ^/secured/.*$
            trusted_sso:
                manager: admin_sso
                login_action: false
                logout_action: false
                create_users: true
                created_users_roles: [ROLE_USER, ROLE_ADMIN]
                check_path: /secured/login_check
                login_path: /login
be_simple_sso_auth:
    admin_sso:
        protocol:
            id: cas
            version: 2
        server:
            id: cas
            login_url: http://localhost:8888/login
            logout_url: http://localhost:8888/logout
            validation_url: http://localhost:8888/serviceValidate
but i'm redirected to login page after login success in my cas server. is there a chance to make this bundle work or is there any alternatives ?
Thanks.
How can I implement single sign-out? For example in phpCAS by calling the
phpCAS::handleLogoutRequests(false); before checking for authentication.
Thanks in advance.
Hi,
I installed this bundle.
My security.yml :
security:
    factories:
        - "%kernel.root_dir%/../vendor/bundles/BeSimple/SsoAuthBundle/Resources/config/security_factories.xml"
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext
        dav2\TestBundle\Entity\User: plaintext
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        #in_memory:
        #    users:
        #        user: { password: userpass, roles: [ 'ROLE_USER' ] }
        #        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        user_db:
            entity: { class: dav2\TestBundle\Entity\User, property: username }
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        my_firewall:
            pattern: ^/
            trusted_sso:
                manager: my_manager
                login_action: false
                logout_action: false
    access_control:
        - { path: ^/crud, roles: ROLE_ADMIN }
I have this error with URL ^/crud (access_control), the other URL are ok.
If I use the provider "in-memory" and not "user_db", I don't have this problem.
Thanks for your help.
Looks like #16 references this issue, but the "fix" doesn't appear to actually be a fix. I think there's a real bug present when a user needs to be re-authenticated.
My user class implements EquatableInterface and I have a method isEqualTo which determines if the serialized User object is the same as the refreshed User object. The behavior of comparing these two objects is described towards the bottom of this Cookbook page.
When the user has indeed changed, like a new role being added, my isEqualTo method properly returns false. However, I then get the following exception:
FatalErrorException: Error: Call to a member function validateCredentials() on a non-object in /Users/bkosborne/Sites/test/vendor/besimple/sso-auth-bundle/BeSimple/SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php line 78
Looks like the $token that's passed to authenticate on SsoAuthenticationProvider does not have its $manager property set. Not sure why, I've been struggling to understand the complexities of the Security component for a few days now.
Hello,
How can we get, with this bundle, the login and logout path or url for rendering in twig ?
I tried to do path('login') because I thought it was managed by the bundle but they say a controller is required.
Thank you,
Jérémy
Hello,
I'm trying to use BeSimpleSsoAuthBundle along with FOSUserBundle and FR3DLdapBundle. It works almost fine but I got a problem when I log out.
Once logged out, I try to log in again but I get the famous "The controller must return a response (null given). Did you forget to add a return statement somewhere in your controller?" on login_check.
Actually, if I clear the cache and try to log in, I don't have any problem.
But if I try to log in after having logged out, without clearing the cache in the meantime, I come out with the exception above.
Am I at the right place to ask this question ? Anyway thanks forward for your help
I'm trying to use this bundle in a project but it is giving me some problems.
    # config.yml
    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.XXX.com/ID/login
                logout_url: https://cas.XXX.com/ID/logout
                #validation_url: https://cas.XXX.com/ID/serviceValidate

    # parameters.yml
    parameters:
        be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false

    # security.yml
    security:
        providers:
            # Administrators provider
            administradores:
                memory:
                    users:
                        admin: { password: 123456, roles: ROLE_ADMIN}
        firewalls:
            # Backend
            backend:
                pattern: ^/backend/.*$
                trusted_sso:
                    manager: admin_sso
                    login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
                    logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
                    create_users: true
                    created_users_roles: [ROLE_USER, ROLE_ADMIN]
                    check_path: /backend/login_check
                    login_path: /backend/login
                    use_referer: true
        access_control:
            - { path: ^/backend, roles: ROLE_ADMIN }
I created this memory provider because otherwise I get this error message:
InvalidConfigurationException: The child node "providers" at path "security" must be configured.
Then when I access /backend it redirects to the login URL: https://cas.XXX.com/ID/login. Up to here all is right! But when I start a session it redirects to:
/backend/login_check?ticket=ST-1383036359rD96A55DD1B77B754D4
and I get an exception:
<url> malformed
500 Internal Server Error - ClientException
I know that's because of the "?ticket=ST-1383036359rD96A55DD1B77B754D4" but I don't know how to solve it.
Thanks!
Hi,
Thx for the great job on this plugin 🍺
I'm having an issue about the logout config. Here is mine:
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        my_firewall:
            pattern: ^/
            anonymous: ~
            logout:
                path: /secured/logout
                target: /
            trusted_sso:
                manager: websso
                login_action: false
                logout_action: false
                login_path: /secured/login
                check_path: /secured/check
                always_use_default_target_path: true
                default_target_path: /
                failure_path: /secured/logout
The logout target path is not used. In fact, on logout, it's the check_url path that is passed to my SSO. So I'm redirected to a 404 page: http://myserver/secured/check (without token, I get a 404).
I think the issue is in the Cas Server class:

    class Server extends AbstractServer
    {
        /**
         * @return string
         */
        public function getLogoutUrl()
        {
            return sprintf('%s?service=%s', parent::getLogoutUrl(), urlencode($this->getCheckUrl()));
        }
    }

As you can see, the "CheckUrl" is used for logout. What I need after a logout is to be redirected to the homepage.
I also don't know whether the 404 error on my check URL is normal, maybe that's the real bug here?
Hi,
I'm trying to use the SsoAuthBundle, but when I log in I'm immediately logged out. In the log file I have:
[2011-12-08 11:33:05] security.INFO: Authentication request failed: Authentication has not been validated by SSO provider. [] []
[2011-12-08 11:33:05] security.DEBUG: Redirecting to /secured/logout [] []
I searched in the code but I don't understand what's wrong. Does anybody have an idea?
I'm trying to find the best approach to setup functional tests for my app that uses this bundle. One of the approaches in the Symfony docs is to manually create a security token and then assign it to the security context.
The token used by this bundle is a bit more complicated than the standard UsernamePasswordToken used in the example.
Hello,
I need to get the userRole for my app. How do I get it via SsoAuthBundle ?
Thanks.
Exception parameters error on
SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php Line 150:

    throw new AuthenticationServiceException($repositoryProblem->getMessage(),$username, 0, $repositoryProblem);

Must be:

    throw new AuthenticationServiceException($repositoryProblem->getMessage().' '.$username, 0, $repositoryProblem);
From my investigation, it seems like it is incorrect to hard code the check_path parameter for the service validation.
Should the service provided to the validateService method on a CAS server just be the current URL, with the ticket parameter removed?
I am overriding the TrustedSsoAuthenticationListener in our implementation to do the above at the moment.
The reason for this is as follows:
My service URL can differ between login requests, to include a redirect parameter to be handled by the Symfony2 authentication success handler. Example:
My service provided to the CAS server could be:
http://www.domain.dev/auth/login_check?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath
The _target_path can vary.
Symfony would then pick this up after authentication: https://github.com/symfony/symfony/blob/4aab341d59ba217a70e7c114c73ac00a61e75377/src/Symfony/Component/Security/Http/Authentication/DefaultAuthenticationSuccessHandler.php#L94
However, due to:
The service is incorrectly passed back to the SSO server for validation, and validation will fail due to non-matching services between login and validation. My feeling, as above, is the service should be the current URL, minus the ticket parameter.
Thoughts?
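The check proposed above (validate against the current URL minus the ticket parameter), as an added example that is not part of the original post or the bundle's code. The function names, the cas.example.test host and the ticket value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Recover the CAS "service" value from the URL the browser was sent back to,
 * dropping only the ticket parameter. Every other byte is kept as received,
 * because the CAS server compares the service sent at validation with the
 * one sent at login.
 */
function casServiceFromCallback(string $callbackUrl): string
{
    // A fragment is never part of the service value.
    $callbackUrl = explode('#', $callbackUrl, 2)[0];

    $parts = explode('?', $callbackUrl, 2);
    if (count($parts) === 1) {
        return $callbackUrl; // no query string, so no ticket to strip
    }

    $kept = [];
    foreach (explode('&', $parts[1]) as $pair) {
        $name = rawurldecode(explode('=', $pair, 2)[0]);
        if ($pair !== '' && $name !== 'ticket') {
            $kept[] = $pair; // untouched: no decode/re-encode round trip
        }
    }

    return $kept === [] ? $parts[0] : $parts[0] . '?' . implode('&', $kept);
}

/** Return the service ticket from the callback URL, or null if absent. */
function casTicketFromCallback(string $callbackUrl): ?string
{
    $query = parse_url($callbackUrl, PHP_URL_QUERY);
    if (!is_string($query)) {
        return null;
    }
    parse_str($query, $params);

    return isset($params['ticket']) && is_string($params['ticket'])
        ? $params['ticket']
        : null;
}

/** Build the CAS 2.0 serviceValidate request URL (service + ticket). */
function casValidationUrl(string $validationUrl, string $service, string $ticket): string
{
    return $validationUrl . '?' . http_build_query(
        ['service' => $service, 'ticket' => $ticket],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
}

// Constructed sample values: the CAS host and the ticket are placeholders.
$loginService  = 'http://www.domain.dev/auth/login_check?_target_path=https%3A%2F%2Fwww.domain.com%2Fpath';
$callback      = $loginService . '&ticket=ST-0000-constructed';
$validationUrl = 'https://cas.example.test/serviceValidate';
$fixedCheck    = 'http://www.domain.dev/auth/login_check'; // hard-coded check_path

$ticket  = casTicketFromCallback($callback);
$service = casServiceFromCallback($callback);

printf("derived service equals login service: %s\n", $service === $loginService ? 'yes' : 'no');
printf("fixed check_path equals login service: %s\n", $fixedCheck === $loginService ? 'yes' : 'no');
echo casValidationUrl($validationUrl, $service, (string) $ticket), "\n";
```

When the callback URL is rebuilt from the incoming request, the scheme and host should come from configuration or a trusted proxy setup rather than from the raw Host header.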
Hi everyone.
I just setup symfony and this bundle, I tried to configure it but it seems I am doing something wrong.
my security.yml contains:

    my_firewall:
        pattern: ^/
        trusted_sso:
            manager: admin_sso
            create_users: false
            login_action: false
            logout_action: false
            login_path: /login
            check_path: /login_check

my routing.yml contains:

    login:
        pattern: /login
    login_check:
        pattern: /login_check

and my config.yml contains:

    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.*.fr/login
                logout_url: https://cas.*.fr/logout
                validation_url: https://cas.*.fr/serviceValidate
So as defined in my security.yml, as soon as I try to browse my application, I am redirected to my CAS login URL, this is perfect. However, when I log in or when I am already logged in, I get an error from my browser because of too many redirections:
cas login --> sf login_check --> sf login --> cas login ...
Thank you in advance for any help you can provide me !
The way to register security factories changed in Symfony master. Instead of asking the end-user to put a link to a file in its security config, each bundle can now register factories in its build method.
To support master, you have 2 choices:
build to check if the method is available in the security extension (i.e. you are in master)
What way do you prefer?
I can provide help for the implementation if you need it.
Hello,
I installed this bundle and, after many twists and turns, everything seems to work.
At login, it does check that the token is present, retrieves my user and sets it in the session, but at the moment of the redirect to my home page, which I configured in security.yml in the target_path, I am redirected correctly but in a new session.
So I lose my authentication.
The response returned by:
$response = $this->successHandler->onAuthenticationSuccess($request, $token);
is a 302 redirect.
Is this normal?
Has anyone already run into this case, or does anyone have an idea?
Thanks in advance for your answers, as I have been working on this subject for a while now.
Dear, I have the following configuration:

    "require" : {
        "php" : ">=5.3.3",
        "symfony/symfony" : "2.3.*",
        "doctrine/orm" : ">=2.2.3,<2.4-dev",
        "doctrine/doctrine-bundle" : "1.2.*",
        "twig/extensions" : "1.0.*",
        "symfony/assetic-bundle" : "2.3.*",
        "symfony/swiftmailer-bundle" : "2.3.*",
        "symfony/monolog-bundle" : "2.3.*",
        "sensio/distribution-bundle" : "2.3.*",
        "sensio/framework-extra-bundle" : "2.3.*",
        "sensio/generator-bundle" : "2.3.*",
        "incenteev/composer-parameter-handler" : "~2.0",
        "besimple/sso-auth-bundle" : "1.0.*@dev"
    },

"config.yml"

    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://{dominioServerCAS}/service-auth/login #https://cas.server.tld/login
                logout_url: https://{dominioServerCAS}/service-auth/logout #https://cas.server.tld/logout
                #validation_url: #https://cas.server.tld/serviceValidate

"security"

    intranet:
        pattern: ^/cas/.*$
        trusted_sso:
            manager: admin_sso
            login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
            logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
            login_path: /cas/login
            check_path: /cas/login_check
            #create_users: true
            #created_users_roles: [ROLE_USER, ROLE_ADMIN]

"parameters.yml"

    .
    .
    be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false
The system redirects me correctly to the CAS server, and when I return and authenticate to my application (with the correct CAS ticket), I get the following error:
malformed
500 Internal Server Error - ClientException
"Stack Trace"
in C:\devweb\wamp\www\symfony\path\vendor\kriswallsmith\buzz\lib\Buzz\Client\Curl.php at line 29 -

            $errorMsg = curl_error($this->lastCurl);
            $errorNo = curl_errno($this->lastCurl);
            throw new ClientException($errorMsg, $errorNo);
        }
        static::populateResponse($this->lastCurl, $data, $response);

"Logs"
CRITICAL - Uncaught PHP Exception Buzz\Exception\ClientException: " malformed" at C:\devweb\wamp\www\symfony\path\vendor\kriswallsmith\buzz\lib\Buzz\Client\Curl.php line 29
I hope you can help, but I think it is a bug in the bundle.
Lucas.-
Hello,
Since my first issue, my understanding of the Symfony security mechanism is better, maybe correct.
The bundle works pretty fine with an "in_memory provider": I can match paths with roles in the access_control with success, I'm logged in and authenticated.
But with a based provider (mysql and pdo_mysql driver) which works with 2 entities, User and Role (ManyToMany), without any access_control properties enabled, I'm logged in but not authenticated, and, an important point, roles are correctly loaded (I've seen it in the profiler).
Nevertheless, when I use any access_control properties, I get a PHP fatal error which concerns the bundle:
[code]
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP Fatal error: Call to a member function validateCredentials() on a non-object in /home/bdelmotte/www/sf2/vendor/besimple/sso-auth-bundle/BeSimple/SsoAuthBundle/Security/Core/Authentication/Provider/SsoAuthenticationProvider.php on line 78, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP Stack trace:, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 1. {main}() /home/bdelmotte/www/sf2/web/app_dev.php:0, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 2. Symfony\Component\HttpKernel\Kernel->handle() /home/bdelmotte/www/sf2/web/app_dev.php:28, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 3. Symfony\Bundle\FrameworkBundle\HttpKernel->handle() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:617, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 4. Symfony\Component\HttpKernel\HttpKernel->handle() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1566, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 5. Symfony\Component\HttpKernel\HttpKernel->handleRaw() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1390, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 6. Symfony\Component\HttpKernel\Debug\ContainerAwareTraceableEventDispatcher->dispatch() /home/bdelmotte/www/sf2/app/bootstrap.php.cache:1410, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 7. Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher->dispatch() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:78, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 8. Symfony\Component\EventDispatcher\EventDispatcher->dispatch() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:4931, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 9. Symfony\Component\HttpKernel\Debug\ContainerAwareTraceableEventDispatcher->doDispatch() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:4713, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 10. call_user_func() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:139, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 11. Symfony\Component\Security\Http\Firewall->onKernelRequest() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/HttpKernel/Debug/ContainerAwareTraceableEventDispatcher.php:139, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 12. Symfony\Component\Security\Http\Firewall\AccessListener->handle() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:5773, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 13. Symfony\Component\Security\Core\Authentication\AuthenticationProviderManager->authenticate() /home/bdelmotte/www/sf2/vendor/symfony/symfony/src/Symfony/Component/Security/Http/Firewall/AccessListener.php:65, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
[Mon Nov 12 11:00:23 2012] [error] [client ::1] PHP 14. BeSimple\SsoAuthBundle\Security\Core\Authentication\Provider\SsoAuthenticationProvider->authenticate() /home/bdelmotte/www/sf2/app/cache/dev/classes.php:5959, referer: http://localhost/sf2/web/app_dev.php/_profiler/50a0c8341caca?panel=security
Is there something on my side behind this problem? Or is it really a problem with the compatibility between the bundle and a based provider?
Cordially,
Benoît
I have a problem enabling this library with Symfony 2.5.
When I want to open a restricted page, I get a message that I need to be logged in, and there is a link to my CAS server. I can log in there, but after that I get this error:
Controller "BeSimple\SsoAuthBundle\Controller\TrustedSsoController::loginAction()" requires that you provide a value for the "$manager" argument (because there is no default value or because there is a non optional argument after this one).
I use Symfony 2.2.11, and the BeSimpleSsoAuth bundle (ref 4ba8ada) for the SSO-CAS authentication.
When I logout, I'm correctly redirected to the logout page of the SSO. Then the SSO redirects me to the /login_check on my webapp and that finally redirects me to the login page. That's (almost) fine for me. The “almost” comes from the fact that I don't understand why I'm redirected to the login_check, rather than the root given that my security.yml file contains:
    firewalls:
        people:
            pattern: ^/
            switch_user: true
            trusted_sso:
                manager: my_cas
                login_action: false
                logout_action: false
                create_users: false
            logout:
                path: /logout
                target: /
    access_control:
        - { path: ^/owner/*, roles: ROLE_OWNER }
        - { path: ^/user/*, roles: ROLE_USER }
I thought the target would mean where the logout page should redirect. There is an additional problem: if I happen to log in again from the page I've been redirected to, then I will be directly redirected to /login_check which will give the following error:
Unable to find the controller for path "/login_check". Maybe you forgot to add the matching route in your routing configuration?
But if I directly access to the root of my app (let's say http://localhost/test/web/app_dev.php), I'm being redirected to:
In that case, I access /login_check without any trouble, compared to the other case where I have an error. What is the difference? And, side question, why am I redirected to /login_check after logout?
Thanks!
In my composer.json:
"besimple/sso-auth-bundle": "*"
../composer.phar update besimple/sso-auth-bundle
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.
Problem 1
- The requested package besimple/sso-auth-bundle could not be found in any version, there may be a typo in the package name.
Potential causes:
Read http://getcomposer.org/doc/articles/troubleshooting.md for further common problems.
Hey, great bundle!
I am using this bundle successfully, but I am having trouble configuring the logout page.
I am trying to use the built in functionality to intercept login/logout requests but the logout portion seems to function incorrectly. When a user accesses a logout link in our application, they are brought to the logout redirect page, but all of the user data is still refreshed from our user provider. Symfony shows the user as unauthenticated in the profiler. If the logout page is refreshed, the user data is no longer reloaded and the token is gone. We are loading our user data from an oracle database using doctrine after SSO authentication. Here is my firewall config:
    providers:
        db_users:
            entity: { class: MyCoreBundle:MyUser}
    firewalls:
        dev:
            pattern: ^/(_(profiler|wdt)|css|images|js)/
            security: false
        login:
            pattern: ^/login$
            security: false
        firewall:
            pattern: ^/
            trusted_sso:
                manager: my_sso
                login_action: MyCoreBundle:SsoLogin:login
                logout_action: MyCoreBundle:SsoLogin:logout
                login_path: /login
                check_path: /login_check
            logout: true
I can post our User entity and UserProvider, but they are very basic, taken from all the examples. My login/logout actions are different because we are overriding your controller.
Hello,
AuthenticationServiceException is thrown with bad parameter in the file Security/Core/Authentication/Provider/SsoAuthenticationProvider.php at lines 150 and 177.
There are 4 parameters instead of 3.
Best regards.
David.
I am doing a web project with Symfony2 that involves a CAS server: http://www.jasig.org/cas. Unfortunately I cannot make it work. I have tried several configurations and nothing I do is correct. This is the flow that I am expecting for any user that wants to log in:
Following your instructions from the rep, here are all my configurations:
For the config.yml
    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas_server.fi/cas/login
                validation_url: https://cas_server.fi/cas/serviceValidate

For the security.yml

    security:
        encoders:
            Symfony\Component\Security\Core\User\User: plaintext
        role_hierarchy:
            ROLE_ADMIN: ROLE_USER
            ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
        providers:
            in_memory:
                memory:
                    users:
                        user: { password: userpass, roles: [ 'ROLE_USER' ] }
                        admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }
        firewalls:
            dev:
                pattern: ^/(_(profiler|wdt)|css|images|js)/
                security: false
            my_firewall:
                pattern: ^/
                anonymous: ~
                trusted_sso:
                    manager: admin_sso
                    login_action: false
                    create_users: true
                    created_users_roles: [ROLE_ADMIN]
                    check_path: /
The CAS server provided me two .crt files that I have already installed in my Ubuntu 13.10. Or at least that is what I think... However, none of these previous configurations seem to want these certificates, since I cannot specify where the bundle can find them. Anyway, it does not work yet, so this step may be irrelevant.
So, what happens now is the following:
To manage this /login I have in routing.yml in my own bundle:
    ss_web_login:
        path: /login
        defaults: { _controller: BeSimpleSsoAuthBundle:TrustedSso:login }

I have checked this controller and it looks like it draws an anchor to "somewhere" (I guess it is the login form of my CAS server).
Let's continue... as I said, the user is being redirected to /login but I get an error:
Controller "BeSimple\SsoAuthBundle\Controller\TrustedSsoController::loginAction()" requires that you provide a value for the "$manager" argument (because there is no default value or because there is a non optional argument after this one).
It happens because the BeSimpleSsoAuthBundle:TrustedSso:login expects different parameters:
public function loginAction(Manager $manager, Request $request, AuthenticationException $exception = null)
But nobody is passing these parameters that it expects. What should I do?
Please, if you have ANY other suggestion about making this work, I will really appreciate it.
Thank you so much.
Hello,
Sorry to ask the question here, but I am stuck trying to make the bundle work to authenticate against a CAS server.
I am a newbie with Symfony, perhaps I missed something easy... Depending on my tests, my protected application always redirects me to the "/login" or "/login_check" URL with a "No route found" error, after retrieving a PT on my CAS server.
Does anybody have a working conf ?
app/config/security.yml contains :
    ...
    firewalls:
        my_hello:
            pattern: ^/hello/.*$
            trusted_sso:
                manager: my_cas
                login_action: BeSimpleSsoAuthBundle:TrustedSso:login
                logout_action: false
    factories:
        - "%kernel.root_dir%/../vendor/bundles/BeSimple/SsoAuthBundle/Resources/config/security_factories.xml"

app/config/config.yml :

    be_simple_sso_auth:
        my_cas:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.xxx.fr/cas/login
                logout_url: https://cas.xxx.fr/cas/logout
                validation_url: https://cas.xxx.fr/cas/serviceValidate
Any help appreciated !
Hi everyone.
I'm actually working on a project using your bundle with Symfony 2.4. I configured my project as shown in exemple.md. Sadly, it works only with users defined in security.yml (in memory provider).
If I use an entity provider (users defined in database), or if the user doesn't exist, it creates an infinite loop:
login -> cas login -> login_check -> login -> cas login -> ...
Am I doing something wrong ?
config.yml
    # Sso Bundle
    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://auth.XXX.fr/cas/login
                logout_url: https://auth.XXXfr/cas/logout
                validation_url: https://auth.XXX.fr/cas/serviceValidate

security.yml

    encoders:
        MyApp\G2CBundle\Entity\HarpUtilisateur:
            algorithm: sha1
            encode_as_base64: false
            iterations: 1
    role_hierarchy:
        ROLE_ADMIN: ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
    providers:
        in_memory:
            memory:
                users:
                    login-test : { password: pwd-test , roles: ROLE_USER }
        in_database:
            entity: { class: MyAppG2CBundle:HarpUtilisateur, property: uid }
    firewalls:
        my_firewall:
            pattern: ^/g2c/.*$
            provider : in_database # this cause an infinite loop, it works using in_memory
            trusted_sso:
                manager: admin_sso
                login_path: /g2c/login
                check_path: /g2c/login_check
                default_target_path: /g2c/hello/toto
                login_action: false
                logout_action: false
                create_users: false
            logout:
                path: /g2c/logout
                target: /
PS: I put some var_dump() in SsoAuthenticationProvider, the SsoToken is built properly, the user is provided (a MyApp\G2CBundle\Entity\HarpUtilisateur object).
Thank you in advance for any help you can provide me !