-
-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix/saml integration #13742
base: 5.x
Are you sure you want to change the base?
Fix/saml integration #13742
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## 5.x #13742 +/- ##
============================================
- Coverage 61.93% 61.93% -0.01%
Complexity 34196 34196
============================================
Files 2249 2249
Lines 102267 102268 +1
============================================
- Hits 63337 63336 -1
- Misses 38930 38932 +2
|
PHPStan still points out an issue. No need for the elseif, it will always be like that, you can just change the else condition. (If PHPstan is correct that is offcourse ;-) - |
Okay, so I tried to follow the steps but maybe I did something wrong. Had 2 issues:
|
@LordRembo could you please post the logs for that error so we might be able to track what's going on there? Thanks! |
@mollux looks like we have a PHPSTAN issue to fix here and some feedback, could you take a look please? This is blocking the 5.1 release so we need to get it over the line asap. |
Don't know if it's the full log, but here's the Mautic logs I got from that day:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got to the login bit with the SAML screen:
but then had an error:
Unknown InResponseTo '_46768a6bfe387a488cccaf9c43b1ac33c1d9637919'
It seemed like it wasn't logged in, but then when I went back using the back button on the browser, it was actually logged in.
Now I can't reproduce that ... so it's ... a bit weird!
screencast-bpconcjcammlapcogcnnelfmaeghhagj-2024.05.31-13_56_24.webmHere's a screencast. I get to the Mautic login screen with the error, then I use the back button (on my mouse) and it goes back to the SAML (URL is http://localhost:8080/simplesaml/saml2/idp/SSOService.php?spentityid=https%3A%2F%2Fmautic.ddev.site&cookieTime=1717160195) and then logs into Mautic. |
…n be passed in a session
0490b6a
to
57a28cf
Compare
@RCheesley that's another SAML issue, not related to the broken M5 support (see also This PR fixes the code compatibility with M5 and the lightsaml dependency |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Based on the 'InResponseTo' error being a known existing bug then this works as expected!
next step is to merge Spbundle, update composer dependencies, and adapt this PR, doing that now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code makes sense, uses a specific AuthenticationException that does not serialize unneeded data. Looks good to me!
re-running failed codecov report test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Retested with latest commits, works as expected (with the existing error earlier reported)
8.1 test failure was due to rate limits on codecov - passing now. |
Description:
The SAML integration is broken, due to an incompatibility with the expected arguments in the
LightSaml\SpBundle
DefaultController
.This is addressed in mautic/SpBundle#2, and this PR is the proof that this works.
This PR should not be merged, but is a way to test this out.
Steps to test this PR:
This PR should be tested locally as it requires an usable IDP to test the SAML auth flow.
checkout this branch and run
composer update --lock
to get the changed lightsaml/sp-bundle dependency.Run a Mock simplesamlphp instance to be able to test the flow
Replace
<LOCAL_MAUTIC_URL>
with your local url, e.g.http://mautic.localhost
change the ports if needed if they conflict with your local setup.
go to
http://localhost:8080/simplesaml/saml2/idp/metadata.php?output=xhtml
and copy the metadata in xml format to a temp file (e.g.mautic_saml_test_metatada.xml
).go to
<LOCAL_MAUTIC_URL>/s/config/edit?tab=userconfig
and select your entity ID, upload the metadata.xml file, select a role to create users, and fill inemail
in the fieldsEmail
,First Name
andLast name
(we are testing, so no problem that the actual values are not correct). Clicksave
.go in an anonymous tab to
<LOCAL_MAUTIC_URL>
and you should be redirected to the simplesaml page (if you get there, that proofs this patch works)login with username
user1
and passwordpassword
you're redirected to Mautic and logged in as user1