Skip to content
This repository has been archived by the owner on Nov 14, 2018. It is now read-only.

[saml] $_SESSION['user_id'] is empty, leads to redirect loop #2162

Open
pminkler opened this issue Mar 18, 2016 · 1 comment
Open

[saml] $_SESSION['user_id'] is empty, leads to redirect loop #2162

pminkler opened this issue Mar 18, 2016 · 1 comment
Labels
bug

Comments

@pminkler
Copy link

pminkler commented Mar 18, 2016
edited by DeepDiver1975
Loading

It seems my issue is met at:

\var\www\html\owncloud\apps\user_saml\appinfo\app.php line 54
OCP\User::isLoggedIn() is false, because in...
\var\www\html\owncloud\lib\private\user.php line 372
\OC::$server->getSession()->get('user_id') !== null
is null. My $_SESSION at the time is:

$_SESSION['SID_CREATED'] = (int) 1458312636
$_SESSION['LAST_ACTIVITY'] = (int) 1458314546
$_SESSION['OC_Version_Timestamp'] = (int) 1450706342
$_SESSION['OC_Version'] = array[4]
    $_SESSION['OC_Version'][0] = (int) 8
    $_SESSION['OC_Version'][1] = (int) 1
    $_SESSION['OC_Version'][2] = (int) 5
    $_SESSION['OC_Version'][3] = (int) 2
$_SESSION['OC_VersionString'] = (string) 8.1.5
$_SESSION['OC_Build'] = (string) 2015-12-21T13:58:19+00:00 47a2c3738cff363a477fcef011a838f3f05fec2e
$_SESSION['OC_Channel'] = (string) stable
$_SESSION['checkServer_succeeded'] = (bool) 1
$_SESSION['requesttoken'] = (string) qPfclVuxmt0Cma3lyq/RD3sZNzWus0

I don't know if it matters, but my $_REQUEST seems to say that I'm authenticated.
$_REQUEST['user_saml_logged_in'] = (string) 1
$_REQUEST['ochdifsb1rd4'] = (string) r78OgK48Q5V6cdSaPBAb7MCTqP6
$_REQUEST['PHPSESSID'] = (string) lDV962524CvnT595vEzCKeeCCy2
$_REQUEST['__utma'] = (string) 58122552.1425340076.1456513695.1456513695.1456513695.1
$_REQUEST['__utmc'] = (string) 58122552
$_REQUEST['__utmz'] = (string) 58122552.1456513695.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not provided)
$_REQUEST['XDEBUG_SESSION'] = (string) XDEBUG_SUBLIME
$_REQUEST['SimpleSAMLSessionID'] = (string) ba94d64fa6b0d0e2af5766297a3550ac
$_REQUEST['SimpleSAMLAuthToken'] = (string) _52a5c98a41e774bac024c5051fa07e210ade73fe70

I am using SQL for my simplesaml sessions. What is supposed to set $_SESSION['user_id']? What user is it the ID for, as the code hasn't even gotten to creating the Owncloud user that corresponds to my SAML user.

On a side note, I am confused by the line:
if (!OC_User::login('', '')) {
$error = true;
OC_Log::write('saml','Error trying to authenticate the user', OC_Log::DEBUG);
}

In \var\www\html\owncloud\apps\user_saml\appinfo\app.php. Are we attempting to login with an unkown user, just to create a failed login log?

Affected apps

user_saml

Expected behaviour

After SAML authentication, I am logged in

Actual behaviour

I am not logged in and am taken through a redirect loop.

Steps to reproduce

  1. Forced login through SAML
  2. Login with SAML
  3. Get redirected back to /owncloud/index.php/apps/files/
  4. See error of redirect loops

Server configuration

Operating system: Amazon EC2

Web server:

Database: mySQL

PHP version: 5.5.5

ownCloud version: 8.1

Client configuration

Browser: Chrome

Operating system: Windows 7

Logs

Web server error log

none

ownCloud log (data/owncloud.log)

none

Browser log

Just a bunch of attempts to load the same URL over and over again in Live HTTP Headers
@pminkler
Copy link
Author

If setAttributes in lib/hooks.php sets the user_id, I never get there since post_login is never called.

@PVince81 PVince81 added the bug label Oct 14, 2016
@PVince81 PVince81 changed the title $_SESSION['user_id'] is empty, leads to redirect loop [saml] $_SESSION['user_id'] is empty, leads to redirect loop Oct 14, 2016
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@PVince81 @pminkler