The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs #558

Open
zeyser opened this issue Jun 1, 2023 · 4 comments


zeyser commented Jun 1, 2023

Hi!
I'm using v.2.19.1 and I have a confusing error - The response was received at https://{site}/api/sso/acs instead of https://{site}/api/sso/acs
I can't understand why the strings in the error message are absolutely equal: https://{site}/api/sso/acs === https://{site}/api/sso/acs ?
From the source:

$urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURL);
if (strncmp($destination, $currentURL, $urlComparisonLength) !== 0) {
    $currentURLNoRouted = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $urlComparisonLength = $security['destinationStrictlyMatches'] ? strlen($destination) : strlen($currentURLNoRouted);

    if (strncmp($destination, $currentURLNoRouted, $urlComparisonLength) !== 0) {
        throw new OneLogin_Saml2_ValidationError(
            "The response was received at $currentURL instead of $destination",
            OneLogin_Saml2_ValidationError::WRONG_DESTINATION
        );
    }
}

I read in similar issues that the problem can be related to a proxy that stands in front of PHP, but from the source code and error message it's not clear whether it is really a proxy issue.

Has anyone faced a similar problem?
How can I debug the real issue that causes such an error?

Contributor

pitbulk commented Jun 6, 2023

It needs to be something else. Have you checked the content inside the SAMLResponse? Maybe there is some extra space or something.
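
One way to check for the kind of invisible difference suggested above (an added example, not code from this thread or from php-saml): it reads Destination out of a SAMLResponse, applies a single strncmp() comparison with the length rule from the source quoted in the issue, and reports the first differing byte. The function names, the example.test host and the sample response are constructed for illustration.

```php
<?php
// Added example. Sample values are constructed; example.test is a placeholder host.

/** Reads the Destination attribute from a base64-encoded SAMLResponse value. */
function destinationFromSamlResponse(string $b64): ?string
{
    $xml = base64_decode($b64, true);
    if ($xml === false || $xml === '') {
        return null;
    }
    $doc = new DOMDocument();
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {   // no network fetches while parsing
        return null;
    }
    $root = $doc->documentElement;
    return $root->hasAttribute('Destination') ? $root->getAttribute('Destination') : null;
}

/** One strncmp() comparison using the length rule from the code quoted in the issue. */
function destinationMatches(string $destination, string $currentURL, bool $strict): bool
{
    $len = $strict ? strlen($destination) : strlen($currentURL);
    return strncmp($destination, $currentURL, $len) === 0;
}

/** Null when byte-identical, otherwise the offset and hex value of the first differing byte. */
function firstDifference(string $a, string $b): ?string
{
    $max = max(strlen($a), strlen($b));
    for ($i = 0; $i < $max; $i++) {
        $ca = $i < strlen($a) ? sprintf('0x%02X', ord($a[$i])) : 'end of string';
        $cb = $i < strlen($b) ? sprintf('0x%02X', ord($b[$i])) : 'end of string';
        if ($ca !== $cb) {
            return "offset $i: Destination has $ca, current URL has $cb";
        }
    }
    return null;
}

// Constructed response whose Destination carries a trailing space.
$response = base64_encode(
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    . 'Destination="https://example.test/api/sso/acs "/>'
);
$destination = destinationFromSamlResponse($response);
$currentURL  = 'https://example.test/api/sso/acs';   // what the application computes for itself
var_dump(destinationMatches($destination, $currentURL, true));   // strict length rule
var_dump(destinationMatches($destination, $currentURL, false));  // non-strict length rule
echo firstDifference($destination, $currentURL) ?? 'byte-identical', PHP_EOL;
```

In a live deployment the inputs would be the posted SAMLResponse value and the URL the library computes for itself, for example via the getSelfURLNoQuery() helper that appears in the quoted source.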

@ri0t1985

I've got a similar issue that I've managed to track down to Utils::getSelfRoutedURLNoQuery().

When I've got a 3rd part in my URL, it does not work. (/saml/acs/).
What i'd expect to be returned is: /saml/acs/
What is actually returned: /saml/

If I remove the hash from the URL earlier in my application, it works just fine.

@sanojv-EY

I'm also facing an issue.

The response was received at https://<<WebApp>>.azurewebsites.net:8080/index.php instead of https://<<public domain>>/index.php?/auth/saml/acs

invalid_response
Not authenticated

My Application is hosted on Azure AppService, using the Code publishing model and PHP 8.1 runtime stack. It is accessible through the Azure Application Gateway. My public domain is linked to the Application Gateway, not in the AppService.

Any Fix?


sanojv-EY commented Dec 2, 2023

Finally, I fixed this issue by adding a public domain in the app service and changing the $_proxyVars = true; in Utils.php.
