How to configure BeSimpleSsoAuthBundle #48

Open
JavierGrinon opened this issue Oct 29, 2013 · 3 comments

Comments

@JavierGrinon

I'm trying to use this bundle in a project but it is giving me some problems.

    # config.yml
    be_simple_sso_auth:
        admin_sso:
            protocol:
                id: cas
                version: 2
            server:
                id: cas
                login_url: https://cas.XXX.com/ID/login
                logout_url: https://cas.XXX.com/ID/logout
                #validation_url: https://cas.XXX.com/ID/serviceValidate

    # parameters.yml
    parameters:
        be_simple.sso_auth.client.option.curlopt_ssl_verifypeer.value: false

    # security.yml
    security:
        providers:
            # Administrators provider
            administradores:
                memory:
                    users:
                        admin: { password: 123456, roles: ROLE_ADMIN }

        firewalls:
            # Backend
            backend:
                pattern: ^/backend/.*$
                trusted_sso:
                    manager: admin_sso
                    login_action: false #BeSimpleSsoAuthBundle:TrustedSso:login
                    logout_action: false #BeSimpleSsoAuthBundle:TrustedSso:logout
                    create_users: true
                    created_users_roles: [ROLE_USER, ROLE_ADMIN]
                    check_path: /backend/login_check
                    login_path: /backend/login
                    use_referer: true

        access_control:
            - { path: ^/backend, roles: ROLE_ADMIN }

I created this memory provider because, if not, I get this error message:

InvalidConfigurationException: The child node "providers" at path "security" must be configured.

Then when I access /backend it redirects to the login URL: https://cas.XXX.com/ID/login. Up to here all is right! But when I start a session it redirects to:

/backend/login_check?ticket=ST-1383036359rD96A55DD1B77B754D4

and I get an exception:

<url> malformed
500 Internal Server Error - ClientException

I know that is because of the "?ticket=ST-1383036359rD96A55DD1B77B754D4" but I don't know how to solve it.

Thanks!
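
The step behind the `/backend/login_check?ticket=...` redirect in the post above, under CAS 2.0, shown as an added example (not code from the bundle or from anyone in this thread): the application sends the ticket and its own service URL to the server's `serviceValidate` endpoint and reads the user name from the XML reply. The host `app.example`, both XML replies and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 XML namespace


def build_validation_url(validation_url, service, ticket):
    """Build the server-to-server request made after the redirect back."""
    if not validation_url:
        raise ValueError("validation_url is not configured")
    # 'service' must be the same URL that was sent to the CAS login page.
    return validation_url + "?" + urlencode({"service": service, "ticket": ticket})


def parse_service_response(xml_text):
    """Return (user, None) on success, (None, failure_code) otherwise."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}serviceResponse" % CAS_NS["cas"]:
        raise ValueError("not a CAS 2.0 serviceResponse")
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text and user.text.strip():
        return user.text.strip(), None
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else None
    return None, code or "MALFORMED_RESPONSE"


# Constructed inputs: the application host and both replies are made up;
# the ticket and the serviceValidate URL are the ones quoted in the post.
SERVICE = "https://app.example/backend/login_check"
TICKET = "ST-1383036359rD96A55DD1B77B754D4"
VALIDATION_URL = "https://cas.XXX.com/ID/serviceValidate"
SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>admin</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validation_url(VALIDATION_URL, SERVICE, TICKET))
    print(parse_service_response(SUCCESS))
    print(parse_service_response(FAILURE))
```

Whatever this reply says becomes the logged-in user, so the request has to reach the real CAS server over verified TLS. With `curlopt_ssl_verifypeer` set to `false`, as in the parameters.yml above, the server certificate is not checked.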

@kamilZ

kamilZ commented Oct 29, 2013

You should at least set up one access_control in your security.yml. Please check this: http://symfony.com/doc/current/book/security.html

@JavierGrinon
Author

Sorry, I forgot to put it. I still have the problem. Thanks!

@arrobeusa

I was having a similar issue with a 2.2 project. I decided to start with a fresh 2.3 project to see if I could get it to work. The state I'm in now is that I log in on the CAS form and then am redirected to /login on my application. I was getting an "admin" user does not exist warning on that login screen even though I was already authenticated with CAS. That was solved by adding the "in_memory" provider as you see below. Clearly, I'll need to implement a new provider.

But, I still have one big question: Do we have to implement a login action? If so, what logic should be there?

I have the following security.yml:

security:
    encoders:
        Symfony\Component\Security\Core\User\User: plaintext

    role_hierarchy:
        ROLE_ADMIN:       ROLE_USER
        ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]

    providers:
        in_memory:
            memory:
                users:
                    user:  { password: userpass, roles: [ 'ROLE_USER' ] }
                    admin: { password: adminpass, roles: [ 'ROLE_ADMIN' ] }

    firewalls:
        dev:
            pattern:  ^/(_(profiler|wdt)|css|images|js)/
            security: false

        login:
            pattern:  ^/demo/secured/login$
            security: false

        secure_area:
           pattern:    ^/(demo/secured/|login_check)
           security: true
           trusted_sso:
               manager: cas_manager
               login_action: false
               logout_action: false
               login_path: /login
               check_path: /login_check
               create_users: true
               created_users_roles: [ROLE_USER, ROLE_ADMIN]
               #failure_path: /debug
           #logout:
           #     path: /logout
           #     target: /a_path

    access_control:
        - { path: ^/demo/secured/hello/admin/, roles: ROLE_ADMIN }
        #- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }

And then in my routing.yml:

login:
    pattern:   /login
    defaults:  { _controller: AcmeDemoBundle:Secured:login }

login_check:
    pattern:   /login_check
