Actions
Anomalie #18385
ferméConnexion SSO non opérationnelle pour lemonLDAP.
Début:
24/09/2021
Echéance:
08/10/2021
Description
Je suis redirigé vers le portail sso à chaque fois que je clic(depuis le portail sso) sur l'application courrier.
J'ai donc placé un die dans le code et la une erreur apparaît : 'Authentication Failed : login not present in header'
La variable serveur que je récolte :
{"REDIRECT_MAARCH_TMP_DIR":"/mnt/maarch/tmp"
"REDIRECT_MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd"
"REDIRECT_STATUS":"200"
"MAARCH_TMP_DIR":"/mnt/maarch/tmp"
"MAARCH_ENCRYPT_KEY":"kdfjdf54546jdfvbdfv6jksdcbsd"
"HTTP_HOST":"kovel-test.agglo-tco.re"
"HTTP_USER_AGENT":"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0"
"HTTP_ACCEPT":"application/json
text/plain
*/*"
"HTTP_ACCEPT_LANGUAGE":"fr
fr-FR;q=0.8
en-US;q=0.5
en;q=0.3"
"HTTP_ACCEPT_ENCODING":"gzip
deflate
br"
"CONTENT_TYPE":"application/json"
"HTTP_ORIGIN":"https://kronos-test.agglo-tco.re"
"HTTP_REFERER":"https://kronos-test.agglo-tco.re/dist/index.html"
"HTTP_COOKIE":"_ga=GA1.2.2133082879.1610538809;"
"HTTP_X_FORWARDED_PROTO":"https"
"HTTP_X_FORWARDED_FOR":"10.1.1.108"
"HTTP_X_FORWARDED_HOST":"kronos-test.agglo-tco.re"
"HTTP_X_FORWARDED_SERVER":"kronos-test.agglo-tco.re"
"HTTP_CONNECTION":"Keep-Alive"
"CONTENT_LENGTH":"30"
"PATH":"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
"SERVER_SIGNATURE":""
"SERVER_SOFTWARE":"Apache"
"SERVER_NAME":"kovel-test.agglo-tco.re"
"SERVER_ADDR":"10.1.1.32"
"SERVER_PORT":"80"
"REMOTE_ADDR":"10.1.1.4"
"DOCUMENT_ROOT":"/mnt/maarch/html"
"REQUEST_SCHEME":"http"
"CONTEXT_PREFIX":""
"CONTEXT_DOCUMENT_ROOT":"/mnt/maarch/html"
"SERVER_ADMIN":"[no address given]"
"SCRIPT_FILENAME":"/mnt/maarch/html/rest/index.php"
"REMOTE_PORT":"59972"
"REDIRECT_URL":"/rest/authenticate"
"GATEWAY_INTERFACE":"CGI/1.1"
"SERVER_PROTOCOL":"HTTP/1.1"
"REQUEST_METHOD":"POST"
"QUERY_STRING":""
"REQUEST_URI":"/rest/authenticate"
"SCRIPT_NAME":"/rest/index.php"
"PHP_SELF":"/rest/index.php"
"REQUEST_TIME_FLOAT":1632465180.598973
"REQUEST_TIME":1632465180}
$_SERVER ne contien pas l'information souhaitée : REMOTE_USER.
J'analyse le flux avec tcpdump :
IP (tos 0x0, ttl 64, id 50431, offset 0, flags [DF], proto TCP (6), length 701)
10.1.1.4.54103 > 10.1.1.32.80: Flags [P.], cksum 0x57b3 (correct), seq 1:650, ack 1, win 229, options [nop,nop,TS val 1194930109 ecr 2136971084], length 649: HTTP, length: 649
GET /dist/polyfills-es2015.b86be9c6fde12488a69f.js HTTP/1.1
Host: kovel-test.agglo-tco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://kronos-test.agglo-tco.re/dist/index.html
Cookie: _ga=GA1.2.1195210035.1626766936; _gid=GA1.2.709933159.1632462306
Pragma: no-cache
Cache-Control: no-cache
REMOTE_USER: eric.castelnau
TEST: test
X-Forwarded-Proto: https
X-Forwarded-For: 10.2.7.200
X-Forwarded-Host: kronos-test.agglo-tco.re
X-Forwarded-Server: kronos-test.agglo-tco.re
REMOTE_USER
du coup j'ai mis ça dans le code :
$login = apache_request_headers()[strtoupper($mapping['login'])] ?? null;
$_SERVER[strtoupper($mapping['login'])] = $login;
je me retrouve avec : votre session a expiré (modifié)
je suis toujours log sur le sso et je lance l'appli depuis le portail sso
pour info, la prod 20.03 se lance sans soucis
Actions