Redirection after authentication


Loris

Jun 24, 2012, 3:38:28 PM
to simpleSAMLphp
Hi everybody.

I am new to simpleSAMLphp.

I am trying to develop and test a plugin for a web application
developed with symfony 1.4, in order to use the application as a
service provider with simpleSAMLphp authentication.

Normally, when a user tries to access the page
http://127.0.0.1/frontend_dev.php/profile, he's redirected to the
login form, and after having logged in, redirected again to the page
where he came from.

Now, I managed to obtain that, instead of the ordinary login form, the
user is redirected to simpleSAMLphp login page.

But when the user logs in, he should be redirected to
http://127.0.0.1/frontend_dev.php/profile, but he's not and he gets a
page stating "The page isn't redirecting properly. Firefox has
detected that the server is redirecting the request for this address
in a way that will never complete."

The URL that I see in the browser is the following:
http://127.0.0.1/saml/module.php/core/loginuserpass.php?AuthState=_8eefdfc6458fc9d1707526db59e4747da2f6e7d993%3Ahttp%3A%2F%2F127.0.0.1%2Fsaml%2Fmodule.php%2Fcore%2Fas_login.php%3FAuthId%3Dexample-userpass%26ReturnTo%3Dhttp%253A%252F%252F127.0.0.1%252Ffrontend_dev.php%252Fprofile

The "ReturnTo" part actually states the correct address.

In the log file, I can read lines saying:

Session: 'example-userpass' not valid because we are not authenticated.
Template: Reading [/var/schoolmesh/lib/vendor/simplesamlphp/dictionaries/login]
Deleting state: '_5a5d67a06a044003a5aee98ee6e8916665152fca1d'
Session: doLogin("example-userpass")
Session: 'example-userpass' not valid because we are not authenticated.
Session: Valid session found with 'example-userpass'.

the latter being repeated many other times (the complete log is here:
http://pastebin.com/jnHsQynK).

If the user points the browser directly to
http://127.0.0.1/saml/module.php/core/authenticate.php?as=example-userpass,
he can see that he is authenticated:

------------
Your attributes
User ID loris
Affiliation
member
loris
------------

My plugin's logs show that the function isAuthenticated() of the
instance of class SimpleSAML_Auth_Simple that I created returns false.

Could anybody help me by giving me some advice about what I could
investigate further?

Thank you in advance

Loris

Jason Judge

Jun 24, 2012, 4:35:54 PM
to simple...@googlegroups.com
Sounds like it is going into an endless loop. In your application during the page startup, you need to detect that you are returning from SSP - if the user is logged into that, and they are not logged into the local application, then you need to log them in locally, then ensure you do not send them back to the login page.

Personally, I do not automatically send people to the IdP login page. I just put a page up that says, "you need to be logged in to access content on this page, please {click here to log in}". That way it avoids these endless loops, and avoids the user being stuck in a login page (often on a different domain to the main site), not wanting to log in, but unable to go back a page to select another page in the application, without being thrown back to the login page again.

-- Jason
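
Added example (not part of the original thread, and not simpleSAMLphp's or symfony's own code): the startup check described in the reply above, with a retry cap so the browser ends on a login link instead of looping when isAuthenticated() keeps returning false. The helper names, the 'sso_attempts' and 'sso_attributes' attribute keys and the cap are hypothetical; the autoload path is taken from the log excerpt earlier in the thread, and $user is assumed to be symfony 1.4's security user object.

```php
<?php
// Added example. Path taken from the log excerpt in the thread; adjust to your install.
require_once '/var/schoolmesh/lib/vendor/simplesamlphp/lib/_autoload.php';

const MAX_SSO_ATTEMPTS = 2; // hypothetical cap on automatic redirects to the login page

// Pure decision: returns 'proceed', 'local_login', 'redirect_to_sso' or 'show_login_link'.
function decideStartupAction($localLoggedIn, $ssoAuthenticated, $attempts, $autoRedirect)
{
    if ($localLoggedIn) {
        return 'proceed';               // already logged into the application
    }
    if ($ssoAuthenticated) {
        return 'local_login';           // returning from SSP: log in locally
    }
    if ($autoRedirect && $attempts < MAX_SSO_ATTEMPTS) {
        return 'redirect_to_sso';       // bounded number of automatic redirects
    }
    return 'show_login_link';           // stop bouncing, let the user click
}

// Returns array(action, url|null). The caller performs any redirect through the
// framework's own controller so its session data is written before the response.
function handleStartup($user, SimpleSAML_Auth_Simple $as, $returnTo, $autoRedirect = false)
{
    $attempts = (int) $user->getAttribute('sso_attempts', 0);
    $action = decideStartupAction(
        $user->isAuthenticated(), $as->isAuthenticated(), $attempts, $autoRedirect
    );

    if ($action === 'local_login') {
        // Copy the SSO attributes into the local session and mark the user logged in.
        $user->setAttribute('sso_attributes', $as->getAttributes());
        $user->setAuthenticated(true);
        $user->setAttribute('sso_attempts', 0);
        return array('proceed', null);
    }
    if ($action === 'redirect_to_sso') {
        $user->setAttribute('sso_attempts', $attempts + 1);
        return array('redirect', $as->getLoginURL($returnTo));
    }
    if ($action === 'show_login_link') {
        // Render "you need to be logged in, click here" with this URL.
        return array('show_login_link', $as->getLoginURL($returnTo));
    }
    return array('proceed', null);
}
```

With $autoRedirect left at false this follows the second suggestion in the reply: no automatic redirect, only a login link. $returnTo should be a URL the application generated itself, not one copied from the incoming request.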

Loris

Jun 27, 2012, 2:52:53 AM
to simpleSAMLphp
On Jun 24, 10:35 pm, Jason Judge <jason.dju...@gmail.com> wrote:
> Sounds like it is going into an endless loop. In your application during
> the page startup, you need to detect that you are returning from SSP - if
> the user is logged into that, and they are not logged into the local
> application, then you need to log them in locally, then ensure you do not
> send them back to the login page.

Thank you for your answer.

What I do not understand is why
SimpleSAML_Auth_Simple::isAuthenticated() returns false, while if the
user points the browser straight to saml page, he sees he *is*
authenticated.

I will try to investigate further, adding log messages in the process.

> Personally, I do not automatically send people to the IdP login page. I
> just put a page up that says, "you need to be logged in to access content
> on this page, please {click here to log in}". That way it avoids these
> endless loops, and avoids the user being stuck in a login page (often on a
> different domain to the main site), not wanting to log in, but unable to go
> back a page to select another page in the application, without being thrown
> back to the login page again.

I will try that, but the way symfony works with its (commonly used)
sfGuardPlugin is the same, and it works well.

Loris

Wei PubWei

Nov 21, 2014, 3:49:52 PM
to simple...@googlegroups.com, loris....@gmail.com
Hi Loris,

I also encounter a similar issue in a WordPress web application using simplesamlphp.
After successful authentication from the IdP, isAuthenticated() always returns false on my SP side.
Could you give some reason for this?

More detail:
Wiking