Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

lightSAML is overwritting form_login parameters #93

Open
mannion opened this issue Mar 25, 2021 · 0 comments
Open

lightSAML is overwritting form_login parameters #93

mannion opened this issue Mar 25, 2021 · 0 comments

Comments

@mannion
Copy link

mannion commented Mar 25, 2021

When trying to use both lightSAML and form_login authentication, with form_login as the default authentication, lightSAML overwrites the login_path and use_forward parameters for the security.authentication.form_entry_point (FormAuthenticationEntryPoint). As a result all authentication requests always go to the SAML login page.

For our specific case, we have a a variety of corporate customers. Most companies use our built in forms based authentication. However, some companies want to use SSO with their own identity providers (via SAML). We'd like to have some magic in our login page that detects (probably by the host subdomain or something else in the URL) if the user should continue with the standard forms login or be redirected to their specific identity provider(via /saml/login).

In src/LightSaml/SpBundle/DependencyInjection/Security/Factory/LightSamlSpFactory.php, the createEntryPoint should only modify the 'security.authentication.form_entry_point' definition if the $defaultEntryPointId is null, the same way Symfony's HttpDigestFactory and HttpBasicFactory do. Adding the following to the beginning of the createEntryPoint method fixes the problem:

if ($defaultEntryPointId !== null) {
    return $defaultEntryPointId;
}

Or even better, add a configuration option so developers can explicitly specify if they want lightSAML to be the default login page or not:

if ($defaultEntryPointId !== null && $config['override_form_entry_point_parameters'] != true ) {
    return $defaultEntryPointId;
}
Navds pushed a commit to Navds/SpBundle that referenced this issue Apr 8, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant