Anomalie #18385
Connexion SSO non opérationnelle pour lemonLDAP.
Description
Je suis redirigé vers le portail sso à chaque fois que je clic(depuis le portail sso) sur l'application courrier.
J'ai donc placé un die dans le code et la une erreur apparaît : 'Authentication Failed : login not present in header'
La variable serveur que je récolte :
{"REDIRECT_MAARCH_TMP_DIR":"/mnt/maarch/tmp" "REDIRECT_MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd" "REDIRECT_STATUS":"200" "MAARCH_TMP_DIR":"/mnt/maarch/tmp" "MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd" "HTTP_HOST":"kovel-test.agglo-tco.re" "HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "HTTP_ACCEPT":"application/json text/plain */*" "HTTP_ACCEPT_LANGUAGE":"fr fr-FR;q=0.8 en-US;q=0.5 en;q=0.3" "HTTP_ACCEPT_ENCODING":"gzip deflate br" "CONTENT_TYPE":"application/json" "HTTP_ORIGIN":"https://kronos-test.agglo-tco.re" "HTTP_REFERER":"https://kronos-test.agglo-tco.re/dist/index.html" "HTTP_COOKIE":"_ga=GA1.2.2133082879.1610538809;" "HTTP_X_FORWARDED_PROTO":"https" "HTTP_X_FORWARDED_FOR":"10.1.1.108" "HTTP_X_FORWARDED_HOST":"kronos-test.agglo-tco.re" "HTTP_X_FORWARDED_SERVER":"kronos-test.agglo-tco.re" "HTTP_CONNECTION":"Keep-Alive" "CONTENT_LENGTH":"30" "PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" "SERVER_SIGNATURE":"" "SERVER_SOFTWARE":"Apache" "SERVER_NAME":"kovel-test.agglo-tco.re" "SERVER_ADDR":"10.1.1.32" "SERVER_PORT":"80" "REMOTE_ADDR":"10.1.1.4" "DOCUMENT_ROOT":"/mnt/maarch/html" "REQUEST_SCHEME":"http" "CONTEXT_PREFIX":"" "CONTEXT_DOCUMENT_ROOT":"/mnt/maarch/html" "SERVER_ADMIN":"[no address given]" "SCRIPT_FILENAME":"/mnt/maarch/html/rest/index.php" "REMOTE_PORT":"59972" "REDIRECT_URL":"/rest/authenticate" "GATEWAY_INTERFACE":"CGI/1.1" "SERVER_PROTOCOL":"HTTP/1.1" "REQUEST_METHOD":"POST" "QUERY_STRING":"" "REQUEST_URI":"/rest/authenticate" "SCRIPT_NAME":"/rest/index.php" "PHP_SELF":"/rest/index.php" "REQUEST_TIME_FLOAT":1632465180.598973 "REQUEST_TIME":1632465180}
$_SERVER ne contien pas l'information souhaitée : REMOTE_USER.
J'analyse le flux avec tcpdump :
IP (tos 0x0, ttl 64, id 50431, offset 0, flags [DF], proto TCP (6), length 701) 10.1.1.4.54103 > 10.1.1.32.80: Flags [P.], cksum 0x57b3 (correct), seq 1:650, ack 1, win 229, options [nop,nop,TS val 1194930109 ecr 2136971084], length 649: HTTP, length: 649 GET /dist/polyfills-es2015.b86be9c6fde12488a69f.js HTTP/1.1 Host: kovel-test.agglo-tco.re User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: */* Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Referer: https://kronos-test.agglo-tco.re/dist/index.html Cookie: _ga=GA1.2.1195210035.1626766936; _gid=GA1.2.709933159.1632462306 Pragma: no-cache Cache-Control: no-cache REMOTE_USER: eric.castelnau TEST: test X-Forwarded-Proto: https X-Forwarded-For: 10.2.7.200 X-Forwarded-Host: kronos-test.agglo-tco.re X-Forwarded-Server: kronos-test.agglo-tco.re
REMOTE_USER
du coup j'ai mis ça dans le code :
$login = apache_request_headers()[strtoupper($mapping['login'])] ?? null; $_SERVER[strtoupper($mapping['login'])] = $login;
je me retrouve avec : votre session a expiré (modifié)
je suis toujours log sur le sso et je lance l'appli depuis le portail sso
pour info, la prod 20.03 se lance sans soucis
History
#3 Updated by Emmanuel DILLARD 8 months ago
- Due date changed from 09/25/2021 to 09/27/2021
- Status changed from A qualifier to A étudier
#4 Updated by Emmanuel DILLARD 8 months ago
- Subject changed from Connexion SSO non opérationnel pour lemonLDAP. to [ANALYSE] Connexion SSO non opérationnel pour lemonLDAP.
- Status changed from A étudier to Prêt à développer
#5 Updated by Emmanuel DILLARD 7 months ago
- Due date changed from 09/27/2021 to 10/08/2021
- Status changed from Prêt à développer to En cours de dev (S)
#6 Updated by Quentin RIBAC 7 months ago
- Assignee set to Quentin RIBAC
#7 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/develop de MaarchCourrier
FIX #18385 TIME 1 using AuthenticationController::authenticate() if no Basic Auth provided
https://labs.maarch.org/maarch/MaarchCourrier/commit/f96d56120adb5308dcdb8cb78dd56696a8c1aeed
#8 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/develop de MaarchCourrier
FIX #18385 TIME 0:30 made changes minimal
https://labs.maarch.org/maarch/MaarchCourrier/commit/3309ad5047b8c3751f0477383c4bf46a518e918d
#9 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/21.03 de MaarchCourrier
FIX #18385 TIME 0:08 added apache_request_headers in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/6dc0696912903c2daeed3cadc78ff2db1fee84d4
#10 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/develop de MaarchCourrier
FIX #18385 TIME 0:10 made headers case-insensitive in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/8a4adf062a95b404cf4d1667150233563fa8c882
#11 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/21.03 de MaarchCourrier
FIX #18385 TIME 0:02 made headers case-insensitive in ssoConnection
https://labs.maarch.org/maarch/MaarchCourrier/commit/69090b8e4a698252a7e064b0739d3360348b3c07
#12 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/develop de MaarchCourrier
FIX #18385 TIME 0:05 added if in case apache_request_headers returns false
https://labs.maarch.org/maarch/MaarchCourrier/commit/942db469ac4e41d2f674ae5191216770ad0aa0ea
#13 Updated by GIT LAB 7 months ago
Commit ajouté sur la branche fix/18385/21.03 de MaarchCourrier
FIX #18385 TIME 0:03 added if in case apache_request_headers returns false
https://labs.maarch.org/maarch/MaarchCourrier/commit/0886dfd7ecc2362d962c3b881d0c04bf364e875b
#14 Updated by Quentin RIBAC 7 months ago
- Tags Courrier 21.03.9 added
#15 Updated by Quentin RIBAC 7 months ago
- Subject changed from [ANALYSE] Connexion SSO non opérationnel pour lemonLDAP. to Connexion SSO non opérationnelle pour lemonLDAP.
#17 Updated by Emmanuel DILLARD 7 months ago
- Assignee changed from Quentin RIBAC to Ludovic ARAUJO
#19 Updated by Quentin RIBAC 7 months ago
- Status changed from En cours de dev (S) to A tester (S)
#20 Updated by Alex ORLUC 7 months ago
- Status changed from A tester (S) to Développé / Analysé (S)