[SAML2] Stuck with successful response

Hi guys.

I'm trying to make LibreNMS work with the socialite/saml2 plugin for SSO authorization on ADFS.
My starting point:

installed the plugin

service.php:

'saml2' => [
    'metadata' => 'meta',
    'acs' => 'wayToIDP',
    'entityid' => 'wayToTrust',
    'certificate' => file_get_contents('cert'),
    'listener' => '\SocialiteProviders\Saml2\Saml2ExtendSocialite',
    'sp_acs' => 'auth/saml2/callback'
]

In config/app.php providers array:

'providers' => [
    // ...
    Laravel\Socialite\SocialiteServiceProvider::class,
    \SocialiteProviders\Manager\ServiceProvider::class,
    // ...
]

In app/Providers/EventServiceProvider there is:

protected $listen = [
    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
        // ... other providers
        \SocialiteProviders\Saml2\Saml2ExtendSocialite::class.'@handle',
    ],
];

And of course, in my routes/web.php I have this:

Route::get('/auth/redirect', function () {
    return Socialite::driver('saml2')->redirect();
});

and

Route::get('/auth/saml2/callback', function () {
    $user = Socialite::driver('saml2')->user();
});

And I've got urn:oasis:names:tc:SAML:2.0:status:Success from ADFS when I'm trying to authorize via SAML login. I successfully pass the login/password pair on ADFS, but… I'm left on a white page at https://mysite.com/auth/saml2/callback?SAMLResponse=vVXbbuM2E… with no redirection to the LibreNMS interface or anything else. Just an empty page.
Did I miss something? Or maybe I should change some settings in ADFS? But I've got a valid (I hope) response, showing that my user is the correct one… Then how could the user be redirected, with its successful response, to the web GUI? I've been stuck with this problem for a week, and now it feels like I'm out of ammo.
Can you help me? Any advice is super valuable =)
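The callback URL in the question carries the SAMLResponse in the query string, which is the HTTP-Redirect binding encoding (base64 over raw DEFLATE) rather than the plain base64 of HTTP-POST. The Python below is an added example, not code from this post, LibreNMS or the plugin: it decodes either encoding and pulls out the StatusCode, Destination and NameID from a constructed, unsigned sample, with `mysite.example`, `alice@example.org` and the sample XML as placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

# Added example, not LibreNMS/plugin code: inspection only, signature checks stay with the SP.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def decode_saml_response(value: str, binding: str) -> bytes:
    """HTTP-Redirect carries base64(raw DEFLATE(xml)); HTTP-POST carries base64(xml)."""
    if binding not in ("redirect", "post"):
        raise ValueError(f"unknown binding {binding!r}")
    raw = base64.b64decode(value)
    return zlib.decompress(raw, -15) if binding == "redirect" else raw  # -15: raw DEFLATE, no header

def encode_saml_response(xml_bytes: bytes, binding: str) -> str:
    """Inverse of decode_saml_response; used here only to build constructed samples."""
    if binding == "redirect":
        comp = zlib.compressobj(9, zlib.DEFLATED, -15)
        xml_bytes = comp.compress(xml_bytes) + comp.flush()
    return base64.b64encode(xml_bytes).decode("ascii")

def summarize(xml_bytes: bytes) -> dict:
    """The fields to look at first when the callback lands on an empty page."""
    root = ET.fromstring(xml_bytes)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    status = code.get("Value") if code is not None else None
    return {"status": status, "success": status == SUCCESS,
            "destination": root.get("Destination"),
            "name_id": name_id.text if name_id is not None else None}

def inspect_callback_url(url: str) -> dict:
    """A SAMLResponse in the query string is Redirect-binding encoded, i.e. deflated."""
    qs = parse_qs(urlsplit(url).query)
    if "SAMLResponse" not in qs:
        raise ValueError("no SAMLResponse in the query string; read the POST body instead")
    return summarize(decode_saml_response(qs["SAMLResponse"][0], "redirect"))

# Constructed, unsigned sample response and callback URL; the host is a placeholder.
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    b'ID="_r1" Version="2.0" Destination="https://mysite.example/auth/saml2/callback">'
    b'<samlp:Status><samlp:StatusCode Value="' + SUCCESS.encode() + b'"/></samlp:Status>'
    b'<saml:Assertion ID="_a1" Version="2.0"><saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject></saml:Assertion></samlp:Response>'
)
SAMPLE_URL = "https://mysite.example/auth/saml2/callback?SAMLResponse=" + quote(encode_saml_response(SAMPLE_XML, "redirect"), safe="")
```

A `success` of True only says the IdP reported Success; it says nothing about whether the SP accepted the signature or issued a session.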

Hi,

I have a working setup with this config (nothing else changed):

su - librenms
echo "SESSION_SAME_SITE_COOKIE=none" >> .env
lnms plugin:add socialiteproviders/saml2
lnms config:set auth.socialite.redirect true
lnms config:set auth.socialite.register true
lnms config:set auth.socialite.configs.saml2.acs https://login.microsoftonline.com/xxxxxxxxxxxx/saml2
lnms config:set auth.socialite.configs.saml2.entityid https://sts.windows.net/xxxxxxxxxxxxxx/
lnms config:set auth.socialite.configs.saml2.certificate yyyyyyyyyyy
lnms config:set auth.socialite.configs.saml2.listener "\SocialiteProviders\Saml2\Saml2ExtendSocialite"
lnms config:set auth.socialite.configs.saml2.metadata https://nexus.microsoftonline-p.com/federationmetadata/saml20/federationmetadata.xml
lnms config:set auth.socialite.configs.saml2.sp_default_binding_method urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
lnms config:clear

Also, what did you set up in azad?

Found a solution. The main villain here is:

"And of course, in my routes/web.php I have this:
Route::get('/auth/redirect', function () {
    return Socialite::driver('saml2')->redirect();
});"

The Socialite plugin had already added some callback and provider info to the web.php file (when it was installed, I guess), and the additional data is ruining everything. Case closed. Thank you =)

