
Redirect Loop after SSO

Open UNICodehORN opened this issue 1 year ago • 3 comments

I configured my IdP and followed the instructions given in the README.

When I call https://url-of-my-website/saml2/{uuid}/login I see the SSO page of my IdP. After successfully logging in, I end up in a redirect loop: https://my-idp-sso-provider/saml2/idp/?SAMLRequest=&RelayState=https://url-of-my-website/saml2/{uuid}/login

For each redirect I see `[2022-08-09 18:06:28] local.DEBUG: [Saml2] Tenant resolved {"uuid":"uuid","id":1,"key":"sso_key"}` in my Laravel log.

```php
use App\Models\User; // adjust to your app's User model namespace
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Event;
use Slides\Saml2\Events\SignedIn;

Event::listen(SignedIn::class, function (SignedIn $event) {
    $messageId = $event->getAuth()->getLastMessageId();

    // your own code preventing reuse of a $messageId to stop replay attacks
    $samlUser = $event->getSaml2User();

    $userData = [
        'id' => $samlUser->getUserId(),
        'attributes' => $samlUser->getAttributes(),
        'assertion' => $samlUser->getRawSamlAssertion()
    ];

    // Just dumping the data at this point works
    //dd($userData);

    $username = $userData["attributes"]["username"]; // find user by ID or attribute
    $user = User::where('name', $username)->first();

    // Login the user. Guard against an unknown username, which would
    // otherwise throw on $user->id instead of failing the login cleanly.
    if ($user) {
        Auth::loginUsingId($user->id);
    }
});
```

From the Kernel:

```php
protected $middlewareGroups = [
    'web' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],

    'saml' => [
        \App\Http\Middleware\EncryptCookies::class,
        \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
        \Illuminate\Session\Middleware\StartSession::class,
    ],

    'api' => [
        // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
        'throttle:api',
        \Illuminate\Routing\Middleware\SubstituteBindings::class,
    ],
];
```

From saml2.php: `'routesMiddleware' => ['saml'],`

UNICodehORN · Aug 09 '22 18:08
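The listener in the report leaves the replay check as a comment and logs in whatever user the `username` attribute names. The following is an added example (not the reporter's or the package's own code) of a `SignedIn` listener that fills in that step with an atomic cache write and fails closed on unknown users. It assumes the event class lives at `Slides\Saml2\Events\SignedIn`, the model is `App\Models\User`, and the cache key prefix and TTL are arbitrary choices.

```php
<?php
// Added example: SignedIn listener with replay protection on the SAML message ID.
// Assumed names: Slides\Saml2\Events\SignedIn, App\Models\User; the cache prefix
// and the 600 s TTL are arbitrary and not taken from the package.

use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Log;
use Slides\Saml2\Events\SignedIn;

// Keep seen message IDs at least as long as an assertion can remain valid.
const SAML_REPLAY_TTL_SECONDS = 600;

Event::listen(SignedIn::class, function (SignedIn $event) {
    $messageId = $event->getAuth()->getLastMessageId();

    if (empty($messageId)) {
        Log::warning('[Saml2] Response without a message ID, refusing login');
        abort(403);
    }

    // Cache::add() stores the key only if it is absent and returns false
    // otherwise, so two responses carrying the same ID cannot both pass.
    $fresh = Cache::add('saml2:seen:' . $messageId, now()->timestamp, SAML_REPLAY_TTL_SECONDS);
    if (! $fresh) {
        Log::warning('[Saml2] Replayed SAML message rejected', ['id' => $messageId]);
        abort(403);
    }

    $samlUser   = $event->getSaml2User();
    $attributes = $samlUser->getAttributes();

    // SAML attributes are multi-valued; accept either a list or a bare string.
    $raw      = $attributes['username'] ?? null;
    $username = is_array($raw) ? ($raw[0] ?? null) : $raw;

    // Fail closed: never auto-create or fall through when no local user matches.
    $user = $username ? User::where('name', $username)->first() : null;
    if (! $user) {
        Log::warning('[Saml2] No local user for asserted username', ['name' => $username]);
        abort(403);
    }

    Auth::login($user);
});
```

`Cache::add()` must point at a store shared by all app instances (e.g. Redis or the database) for the check to hold across servers.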

Interesting thing I noticed: if I add `?returnTo=someUrl` to the login URL, I am redirected to that URL after the login and I am also logged in as the correct user.

No redirect loop in that case.

UNICodehORN · Aug 09 '22 18:08