The page isn't redirecting properly


jit

Jan 3, 2017, 8:25:30 AM
to SimpleSAMLphp
We are trying to set up SSO with a custom MySQL database, but it is going into an endless loop between the two requests below.

POST http://192.168.0.15/simplesaml/module.php/core/loginuserpass.php

Set-Cookie
PHPSESSID=d0eaabb959ffeb2a0dd20f4744945f8f; path=/; HttpOnly

SimpleSAMLAuthToken=_297a91e9a4e14c61d247427063201a39587396c2e3; path=/; httponly

http://192.168.0.15/simplesaml/module.php/core/loginuserpass.php?AuthState=_e3e75218660095b936b9582356bcbc7b1e26934876%3Ahttp%3A%2F%2F192.168.0.15%2Fsimplesaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dexample-sql%26ReturnTo%3Dhttp%253A%252F%252F192.168.0.2%252F%252Fver06%252Fapp.php

Set-Cookie
PHPSESSID=92688949c724d39e673eec73b0674de0; path=/; HttpOnly

192.168.0.15 is our SSO server and
192.168.0.2 is the website which is requesting SSO.

Are we missing anything? Also, is there any client and server separation of SSO modules for ease of use?

Thanks in advance.

Adam Zheng

Jan 4, 2017, 4:14:07 PM
to SimpleSAMLphp
Hi,

Would you be willing to try setting session.phpsession.cookiename to something in the config? Does the SP on 192.168.0.2 also use phpsession? There can only be one PHP session.
If that does not work, you could try using SQL to store sessions instead of phpsession, since you already have an SQL server set up.

I am unsure what you mean by client/server module separation. Do you mean IdP/SP? If no saml:SP is defined in authsources, then there will be no SP functionality.
If there are no IdPs enabled in config, then there will be no IdP functionality.

jit

Jan 5, 2017, 6:10:54 AM
to SimpleSAMLphp
Hi Adam,

We were able to integrate SimpleSAMLphp successfully. The steps we were missing were configuring the SP at each application end and specifying that in the respective metadata files at both (SP/IdP) ends.

Regarding separation, we are talking about SP/IdP itself, as the login UI and other stuff should not be required by the SP code, and the other way around.

We are using SQL sessions. Can we expire the SQL session also after some time interval?

Thanks

Adam Zheng

Jan 6, 2017, 1:31:05 PM
to SimpleSAMLphp
If you don't want "hosted" SP functionality on 192.168.0.15, you can remove any saml:SP entries in authsources.
The frontpage federation page will show you what SPs and IdPs you are running on that instance.

Assuming you are using a SAML 2.0 IdP, the REMOTE SP metadata files will need to be saved to saml20-sp-remote.php. (In your case, for whatever app is running on 192.168.0.2, convert its XML and save its metadata to that file.)
Then provide whatever SP you are trying to get working from 192.168.0.2 with metadata from your IdP, which in your case would be https://192.168.0.15/simplesaml/saml2/idp/metadata.php

You can set session times in the config.php. I don't usually bother with this as many of our vendors set their own SP session times.
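
The session settings discussed in this thread, as an added example that is not from the posters or the SimpleSAMLphp project: a fragment of `config/config.php` for the IdP on 192.168.0.15. The DSN, database name, credentials and timeout values are assumptions to be replaced with your own.

```php
<?php
// Added example: only the session-related keys of config/config.php.
// Merge these into the existing $config array rather than replacing the file.
$config = [
    // Option 1 (first reply): stay on PHP sessions, but give SimpleSAMLphp
    // its own cookie so it does not share PHPSESSID with another PHP app.
    // 'store.type'                    => 'phpsession',
    // 'session.phpsession.cookiename' => 'SimpleSAML',

    // Option 2 (what the thread ends up using): SQL-backed session store.
    'store.type'         => 'sql',
    'store.sql.dsn'      => 'mysql:host=localhost;dbname=simplesaml', // assumed
    'store.sql.username' => 'ssp_session', // placeholder account
    'store.sql.password' => 'CHANGE_ME',   // placeholder secret
    'store.sql.prefix'   => 'SimpleSAMLphp',

    // Session-id cookie used when store.type is not 'phpsession'.
    'session.cookie.name' => 'SimpleSAMLSessionID',
    'session.cookie.path' => '/',

    // Expiry settings, all in seconds (values here are assumptions).
    'session.duration'          => 8 * 60 * 60, // lifetime of a login session
    'session.datastore.timeout' => 4 * 60 * 60, // data kept for login/logout requests
    'session.state.timeout'     => 60 * 60,     // lifetime of AuthState entries
];
```

With the SQL store, the session id travels in the cookie named by `session.cookie.name`, so `session.phpsession.cookiename` only matters for option 1.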