Comments (7)
duskobogdanovski
commented on September 1, 2024
Hey @oyvindskj, could you please provide more details because i'm not able to reproduce the issue, thanks.
from ckanext-saml2auth.
oyvindskj
commented on September 1, 2024
Hi @duskobogdanovsk. What I see is that when Azure does the callback
POST https://test-data.mydomain.com/acs
which then returns 302 with header location: https://test-data.mydomain.com/user/me, there are 3 response headers like this:
- set-cookie: auth_tkt="some-value"; HttpOnly; Path=/; SameSite=Lax; Secure
- set-cookie: auth_tkt="some-value"; Domain=test-data.mydomain.com; HttpOnly; Path=/; SameSite=Lax; Secure
- set-cookie: auth_tkt="some-value"; Domain=.test-data.mydomain.com; HttpOnly; Path=/; SameSite=Lax; Secure
some-value is equal across the three headers. I looked in the SAML body that was posted, but could not find any .test there. Can it be some misconfiguration of our CKAN?
from ckanext-saml2auth.
duskobogdanovski
commented on September 1, 2024
@oyvindskj, the leading dot means that the cookie is valid for subdomains as well; nevertheless recent HTTP specifications (RFC 6265) changed this rule so modern browsers should not care about the leading dot. The dot may be needed by old browser implementing the deprecated RFC 2109.
Could you please verify that after you log out: ckan and auth_tkt cookies are deleted?
from ckanext-saml2auth.
oyvindskj
commented on September 1, 2024
@duskobogdanovski This is described in the initial issue: Only one of the two auth_tkt cookies are deleted. Also, the ckan cookie remains. I am using Chrome 93.0.4577.82.
from ckanext-saml2auth.
mbocevski
commented on September 1, 2024
@oyvindskj this is quite peculiar, cause the behavior is correct, cookies are set and managed by core CKAN, you can see that even tests expect the same behavior https://github.com/ckan/ckan/blob/0ab924d5ea331625bd61a805f23c68a17f028193/ckan/tests/lib/test_auth_tkt.py. However it could be a real bug/issue, so would be great to know which CKAN core version you're running.
from ckanext-saml2auth.
oyvindskj
commented on September 1, 2024
2.9.3 is our CKAN version @mbocevski
/api/3/action/status_show
gives
{ "success": true, "result": { "site_url": "https://test-data.mydomain.com", "ckan_version": "2.9.3", "error_emails_to": null, "locale_default": "nb_NO", "extensions": [ "scheming_datasets", "pages", "dcat", "stats", "text_view", "image_view", "recline_view", "recline_graph_view", "recline_grid_view", "recline_map_view", "datastore", "datapusher", "resource_proxy", "pdf_view", "hidegroups", "saml2auth" ] } }
I removed two extensions we have developed ourself.
from ckanext-saml2auth.
oyvindskj
commented on September 1, 2024
Let me know if there is something I can do to help. I tried with Edge as well - same behaviour.
from ckanext-saml2auth.
Related Issues (20)
- [BUG] Redirect URL errors when configured behind nginx proxy
- [FEATURE] SSO Congiruration with Entra ID (Azure AD) HOT 4
- How to generate the sp.xml HOT 3
- ValueError: Missing assertion /python3.8/site-packages/saml2/response.py line 745, in get_subject HOT 3
- [BUG] things continue to work with wrong mycert.pem
- [BUG] SLO not working correctly, cookies not removed HOT 4
- Not working when CKAN is not mounted on root of Webserver HOT 3
- [BUG] Keycloak SAML2 Issue
- [BUG]Infinite Loop when logout of CKAN
- [BUG] SAML request is not signed HOT 1
- SP Metadata
- saml2.mdstore.SourceNotFound[BUG]
- [BUG] - With CKAN vulnerability upgrade 2.9.9, getting the error below
- Help: Azure AD config. AudienceRestrictions conditions not satisfied! HOT 1
- [BUG] Auth Cookies Not Removed On Logout HOT 9
- Can't install saml2auth in ckan-docker
- [BUG] Can't install xmlsec1 with ckan-docker (saml2.sigver.SigverError: Cannot find ['xmlsec1'])
- [BUG] saml2.SAMLError: URL not specified.
- [BUG] Ckan cookie is not accessible for more replicas HOT 2
- [BUG] Cannot post to default location
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ckanext-saml2auth.