-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CHttpException #4
Comments
This saml plugin was created 4 years ago for Limesurvey 2.0.5, and you are trying 2.6.2. |
Thanks for your answer |
Hi, Try to disable CRSF https://manual.limesurvey.org/Optional_settings#Request_settings . If it work : i think SAML can work without $_POST value submitted ? Unsure here, must track why it's a post value |
SAML uses HTTP-POST binding to send the SAMLResponse to the ACS URL endpoint (is the most common scenario). Since the SAML protocol has its own mechanism to validate the SAMLResponse, the CRSF protection is not required on SAML endpoints. |
OK, then : must find a way to Deactivate CRSF protection on this endpoint (maybe use https://manual.limesurvey.org/NewUnsecureRequest ? But out of Auth plugin system ...) If i look at code : if you're already connected to SAML : no need post value again ? Right ? If yes : how is set $ssp->getLoginURL() ? [edit] Then can be done with some hour |
Yes Right, If I'm already connected, there is no need to post value again |
Yes : and disable CRSF fix the issue too. For a better fix try, in config.php
If it work : adding a line in README fix it . Another way to fix is adding another return url using $ssp->getLoginURL() and NewUnsecureRequest |
@lebarbu34280 : deactivate CRSF globally : did it work ? If yes , just for authentification ? |
Hi,
I'm experimenting some troubles with the plugin.
I have a full federation working with SPs, IDPs, and websites connected to
I'm using simpleSAMLphp 1.14.3 and it working fine
I'm using Limesurvey 2.6.2
my apache is apache 2.4
my php 5.6
but I keep getting thir error
CHttpException
Le jeton CSRF n'a pas pu être vérifié.
/home/limesurvey/www/limesurvey-sso/framework/web/CHttpRequest.php(1355)
1343 case 'DELETE':
1344 $userToken=$this->getDelete($this->csrfTokenName);
1345 }
1346
1347 if (!empty($userToken) && $cookies->contains($this->csrfTokenName))
1348 {
1349 $cookieToken=$cookies->itemAt($this->csrfTokenName)->value;
1350 $valid=$cookieToken===$userToken;
1351 }
1352 else
1353 $valid = false;
1354 if (!$valid)
1355 throw new CHttpException(400,Yii::t('yii','The CSRF token could not be verified.'));
1356 }
1357 }
1358
1359
1360 /**
1361 * Returns the version of the HTTP protocol used by client.
1362 *
1363 * @return string the version of the HTTP protocol.
1364 * @SInCE 1.1.16
1365 */
1366 public function getHttpVersion()
1367 {
Stack Trace
#0
Permission settings for new users #1
Too many redirects #2
Issue with the login #3
– /home/limesurvey/www/limesurvey-sso/index.php(218): CApplication->run()
213 die (sprintf('%s should be writable by the webserver (766 or 776).', $sDefaultRuntimePath));
214 }
215 }
216
217 Yii::$enableIncludePath = false;
218 Yii::createApplication('LSYii_Application', $config)->run();
219
220 /* End of file index.php /
221 / Location: ./index.php */
I installed an SAML tracer to follow the SAML message
when I go to the admin login page, the plugin redirect me to the SP
I use my credentials and I can see the redirect and the connection to the IDP
I got my authentification access, but when I'm redirected to the limesurvey login page I got a loop an then this message
any help would be appreciated
Best regard
The text was updated successfully, but these errors were encountered: