Bug #18385

SSO login not working for lemonLDAP.

Added by Ludovic ARAUJO about 1 year ago. Updated about 1 year ago.

Status:
Developed / Analyzed (S)
Priority:
1-Major
Assignee:
Ludovic ARAUJO
Target version:
Start date:
09/24/2021
Due date:
10/08/2021
Courrier tags:
21.03.9

Description

I am redirected to the SSO portal every time I click (from the SSO portal) on the Courrier application.

So I placed a die in the code, and then an error appears: 'Authentication Failed : login not present in header'

The server variable I collect:

{"REDIRECT_MAARCH_TMP_DIR":"/mnt/maarch/tmp",
"REDIRECT_MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd",
"REDIRECT_STATUS":"200",
"MAARCH_TMP_DIR":"/mnt/maarch/tmp",
"MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd",
"HTTP_HOST":"kovel-test.agglo-tco.re",
"HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0",
"HTTP_ACCEPT":"application/json, text/plain, */*",
"HTTP_ACCEPT_LANGUAGE":"fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3",
"HTTP_ACCEPT_ENCODING":"gzip, deflate, br",
"CONTENT_TYPE":"application/json",
"HTTP_ORIGIN":"https://kronos-test.agglo-tco.re",
"HTTP_REFERER":"https://kronos-test.agglo-tco.re/dist/index.html",
"HTTP_COOKIE":"_ga=GA1.2.2133082879.1610538809;",
"HTTP_X_FORWARDED_PROTO":"https",
"HTTP_X_FORWARDED_FOR":"10.1.1.108",
"HTTP_X_FORWARDED_HOST":"kronos-test.agglo-tco.re",
"HTTP_X_FORWARDED_SERVER":"kronos-test.agglo-tco.re",
"HTTP_CONNECTION":"Keep-Alive",
"CONTENT_LENGTH":"30",
"PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"SERVER_SIGNATURE":"",
"SERVER_SOFTWARE":"Apache",
"SERVER_NAME":"kovel-test.agglo-tco.re",
"SERVER_ADDR":"10.1.1.32",
"SERVER_PORT":"80",
"REMOTE_ADDR":"10.1.1.4",
"DOCUMENT_ROOT":"/mnt/maarch/html",
"REQUEST_SCHEME":"http",
"CONTEXT_PREFIX":"",
"CONTEXT_DOCUMENT_ROOT":"/mnt/maarch/html",
"SERVER_ADMIN":"[no address given]",
"SCRIPT_FILENAME":"/mnt/maarch/html/rest/index.php",
"REMOTE_PORT":"59972",
"REDIRECT_URL":"/rest/authenticate",
"GATEWAY_INTERFACE":"CGI/1.1",
"SERVER_PROTOCOL":"HTTP/1.1",
"REQUEST_METHOD":"POST",
"QUERY_STRING":"",
"REQUEST_URI":"/rest/authenticate",
"SCRIPT_NAME":"/rest/index.php",
"PHP_SELF":"/rest/index.php",
"REQUEST_TIME_FLOAT":1632465180.598973,
"REQUEST_TIME":1632465180}

$_SERVER does not contain the desired information: REMOTE_USER.

I analyze the traffic with tcpdump:

IP (tos 0x0, ttl 64, id 50431, offset 0, flags [DF], proto TCP (6), length 701)
    10.1.1.4.54103 > 10.1.1.32.80: Flags [P.], cksum 0x57b3 (correct), seq 1:650, ack 1, win 229, options [nop,nop,TS val 1194930109 ecr 2136971084], length 649: HTTP, length: 649
        GET /dist/polyfills-es2015.b86be9c6fde12488a69f.js HTTP/1.1
        Host: kovel-test.agglo-tco.re
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
        Accept: */*
        Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
        Accept-Encoding: gzip, deflate, br
        Referer: https://kronos-test.agglo-tco.re/dist/index.html
        Cookie: _ga=GA1.2.1195210035.1626766936; _gid=GA1.2.709933159.1632462306
        Pragma: no-cache
        Cache-Control: no-cache
        REMOTE_USER: eric.castelnau
        TEST: test
        X-Forwarded-Proto: https
        X-Forwarded-For: 10.2.7.200
        X-Forwarded-Host: kronos-test.agglo-tco.re
        X-Forwarded-Server: kronos-test.agglo-tco.re

REMOTE_USER

So I put this in the code:

$login = apache_request_headers()[strtoupper($mapping['login'])] ?? null;
$_SERVER[strtoupper($mapping['login'])] = $login;

I end up with: your session has expired (edited)

I am still logged in to the SSO and I launch the app from the SSO portal.
For information, the 20.03 production instance launches without problems.

History

#3 Updated by Emmanuel DILLARD about 1 year ago

  • Due date changed from 09/25/2021 to 09/27/2021
  • Status changed from To be qualified to To be studied

#4 Updated by Emmanuel DILLARD about 1 year ago

  • Subject changed from SSO login not working for lemonLDAP. to [ANALYSIS] SSO login not working for lemonLDAP.
  • Status changed from To be studied to Ready to take on board

#5 Updated by Emmanuel DILLARD about 1 year ago

  • Due date changed from 09/27/2021 to 10/08/2021
  • Status changed from Ready to take on board to In development (S)

#6 Updated by Quentin RIBAC about 1 year ago

  • Assignee set to Quentin RIBAC

#7 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/develop of MaarchCourrier
FIX #18385 TIME 1 using AuthenticationController::authenticate() if no Basic Auth provided
https://labs.maarch.org/maarch/MaarchCourrier/commit/f96d56120adb5308dcdb8cb78dd56696a8c1aeed

#8 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/develop of MaarchCourrier
FIX #18385 TIME 0:30 made changes minimal
https://labs.maarch.org/maarch/MaarchCourrier/commit/3309ad5047b8c3751f0477383c4bf46a518e918d

#9 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/21.03 of MaarchCourrier
FIX #18385 TIME 0:08 added apache_request_headers in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/6dc0696912903c2daeed3cadc78ff2db1fee84d4

#10 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/develop of MaarchCourrier
FIX #18385 TIME 0:10 made headers case-insensitive in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/8a4adf062a95b404cf4d1667150233563fa8c882

#11 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/21.03 of MaarchCourrier
FIX #18385 TIME 0:02 made headers case-insensitive in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/69090b8e4a698252a7e064b0739d3360348b3c07

#12 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/develop of MaarchCourrier
FIX #18385 TIME 0:05 added if in case apache_request_headers returns false
https://labs.maarch.org/maarch/MaarchCourrier/commit/942db469ac4e41d2f674ae5191216770ad0aa0ea

#13 Updated by GIT LAB about 1 year ago

Commit added to branch fix/18385/21.03 of MaarchCourrier
FIX #18385 TIME 0:03 added if in case apache_request_headers returns false
https://labs.maarch.org/maarch/MaarchCourrier/commit/0886dfd7ecc2362d962c3b881d0c04bf364e875b

#14 Updated by Quentin RIBAC about 1 year ago

  • Courrier tags 21.03.9 added

#15 Updated by Quentin RIBAC about 1 year ago

  • Subject changed from [ANALYSIS] SSO login not working for lemonLDAP. to SSO login not working for lemonLDAP.

#17 Updated by Emmanuel DILLARD about 1 year ago

  • Assignee changed from Quentin RIBAC to Ludovic ARAUJO

#19 Updated by Quentin RIBAC about 1 year ago

  • Status changed from In development (S) to To be tested (S)

#20 Updated by Alex ORLUC about 1 year ago

  • Status changed from To be tested (S) to Developed / Analyzed (S)
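
The commit messages in the history describe three changes to the login lookup: reading it through apache_request_headers(), matching the header name case-insensitively, and handling a false return. The PHP below is an added example, not MaarchCourrier's code, that combines those three checks with a source-address check so the identity header is honoured only when the reverse proxy sent it. The function name, the TRUSTED_PROXIES allowlist and the sample header array are assumptions; 10.1.1.4 is the proxy address seen as the TCP source in the capture from the description.

```php
<?php
// Added example, not MaarchCourrier code. ssoLoginFromHeaders() and
// TRUSTED_PROXIES are hypothetical names; 10.1.1.4 is the proxy address
// seen as the TCP source in the capture from the description.
const TRUSTED_PROXIES = ['10.1.1.4'];

/**
 * Return the login carried in $headerName, or null if it cannot be trusted.
 * $headers is the return value of apache_request_headers(): array or false.
 */
function ssoLoginFromHeaders($headers, string $headerName, string $remoteAddr): ?string
{
    // Only the reverse proxy may assert an identity; a client that reaches
    // the backend directly could otherwise set the header itself.
    if (!in_array($remoteAddr, TRUSTED_PROXIES, true)) {
        return null;
    }
    // apache_request_headers() failed or is unavailable.
    if (!is_array($headers)) {
        return null;
    }
    // Header names are case-insensitive: normalise keys before the lookup.
    $headers = array_change_key_case($headers, CASE_UPPER);
    $login = $headers[strtoupper($headerName)] ?? null;
    if (!is_string($login)) {
        return null;
    }
    $login = trim($login);
    // Reject empty values and embedded control characters.
    if ($login === '' || preg_match('/[\x00-\x1F\x7F]/', $login)) {
        return null;
    }
    return $login;
}

// Constructed sample headers modelled on the capture (mixed-case key on purpose).
$sample = ['Host' => 'kovel-test.agglo-tco.re', 'Remote_User' => 'eric.castelnau'];

var_dump(ssoLoginFromHeaders($sample, 'REMOTE_USER', '10.1.1.4'));   // sent by the proxy
var_dump(ssoLoginFromHeaders($sample, 'REMOTE_USER', '10.2.7.200')); // sent from elsewhere
var_dump(ssoLoginFromHeaders(false, 'REMOTE_USER', '10.1.1.4'));     // headers unavailable

// In the application, assuming the SAPI provides apache_request_headers():
// $login = ssoLoginFromHeaders(apache_request_headers(), $mapping['login'], $_SERVER['REMOTE_ADDR']);
```

The proxy should also strip any client-supplied copy of the identity header before setting its own, since the address check only proves which host forwarded the request.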
