elShiaLabeouf opened a new issue, #6365:
URL: https://github.com/apache/cloudstack/issues/6365

   ##### ISSUE TYPE
    * Bug Report
   
   ##### COMPONENT NAME
   ~~~
   UI: SAML login
   ~~~
   
   ##### CLOUDSTACK VERSION
   ~~~
   main branch
   commit: f572c7ab74508366b3b2ccbb2c0e6eeaa872fd36
   ~~~
   
   ##### CONFIGURATION
   SAML authentication activated
   
   ##### OS / ENVIRONMENT
   Environment: development,
   Docker + Docker-compose,
   "cloudstack-simulator" container running on localhost:5050/,
   Ruby on Rails server running on localhost:3000/ as custom IdP implemented via the saml_idp gem.
   
   ##### SUMMARY
   The user is redirected to the login form after a successful SAML SSO login.
   
   ##### STEPS TO REPRODUCE
   After the IdP sends POST http://localhost:5050/client/api?command=samlSso, it receives the response header `set-cookie: userid=063f7aef-f355-4e4e-85f3-dcbaef02bb84` from CloudStack:
   ![Screenshot from 2022-05-07 11-57-05](https://user-images.githubusercontent.com/20026712/167247777-176b2eb7-0744-44cc-a38e-2dae7ae29bbf.png)
   
   The Path in the header is not specified, so the cookie is set with the "/client" Path:
   ![Screenshot from 2022-05-07 11-57-31](https://user-images.githubusercontent.com/20026712/167247915-07c3a082-c842-4fd6-b585-f9c81d5038c0.png)
   
   Nevertheless, the previously successful POST got a response with 302 status and the response header `location: http://localhost:5050/`, so the browser is redirected to that location, but instead of the dashboard we see the login form again:
   ![Screenshot from 2022-05-07 11-57-05](https://user-images.githubusercontent.com/20026712/167248145-5cab61c0-348b-4ec9-93f9-2728212ab666.png)
   
   OK, now we open `localhost:5050/client/` in the browser and fix the "userid" cookie Path to '/' manually:
   ![Screenshot from 2022-05-07 11-57-40](https://user-images.githubusercontent.com/20026712/167248201-e908452a-8a4a-44ce-a33f-aa516b6a8911.png)
   
   Then refresh the `localhost:5050/` tab and voila:
   ![Screenshot from 2022-05-07 11-57-48](https://user-images.githubusercontent.com/20026712/167248229-cb6b7a04-9cb2-4988-bfbd-8731e05e3957.png)
   
   My thoughts:
   I'm aware that the CloudStack UI in production runs on the `/client` path, so the bug wouldn't reproduce there, but I'm convinced that we shouldn't implicitly hardcode the cookie to the `/client` Path.
   
   Instead I propose to explicitly set it to the `/` Path.
   
   I'm creating a PR to fix this and will get back to you shortly.
   
   P.S. Thank you for the SAML authentication option - it's a very convenient way to authorize users in CloudStack!
   
   ##### EXPECTED RESULTS
   
   ~~~
   The user is redirected to his Cloudstack dashboard
   ~~~
   
   ##### ACTUAL RESULTS
   
   ~~~
   The user is shown the login form
   ~~~
   
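The browser-side rule behind this report, as an added example that is not part of the issue or of CloudStack's code: it implements the RFC 6265 default-path and path-match computations and applies them to the `samlSso` POST and the `302` to `http://localhost:5050/` described above, showing why a `Set-Cookie` without `Path` is scoped to `/client` and why an explicit `Path=/` reaches the redirect target. The header values and URLs are constructed from the report.

```python
# Added example (not CloudStack code): RFC 6265 cookie Path behaviour applied
# to the samlSso redirect described in the issue above.
from urllib.parse import urlsplit


def default_path(request_uri: str) -> str:
    """RFC 6265 section 5.1.4: the Path a browser assigns to a cookie whose
    Set-Cookie header carries no Path attribute (request path up to, but not
    including, the right-most '/')."""
    path = urlsplit(request_uri).path
    if not path.startswith("/") or path.count("/") == 1:
        return "/"                       # "" or "/client" -> "/"
    return path[: path.rfind("/")]       # "/client/api" -> "/client"


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match: is the cookie attached to a request
    for request_path?"""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        # Either the cookie path ends in '/' or the next request-path char is '/';
        # this rejects prefix look-alikes such as "/clientx".
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookie_sent_after_redirect(set_cookie: str, set_by_uri: str, redirect_uri: str) -> bool:
    """Take a Set-Cookie header value received from set_by_uri, work out its
    effective Path (explicit attribute or the default-path), and report whether
    the browser would send the cookie with a request for redirect_uri."""
    attrs = [part.strip() for part in set_cookie.split(";")]
    explicit = next((a.split("=", 1)[1] for a in attrs[1:]
                     if a.lower().startswith("path=")), None)
    # RFC 6265: a Path attribute that is empty or does not start with '/' is ignored.
    effective = explicit if explicit and explicit.startswith("/") else default_path(set_by_uri)
    return path_matches(effective, urlsplit(redirect_uri).path or "/")


# Constructed values modelled on the report: the SAML SSO POST sets the cookie,
# then the 302 sends the browser to the site root.
SSO_URI = "http://localhost:5050/client/api?command=samlSso"
REDIRECT_URI = "http://localhost:5050/"
BUGGY_SET_COOKIE = "userid=063f7aef-f355-4e4e-85f3-dcbaef02bb84"   # no Path attribute
FIXED_SET_COOKIE = BUGGY_SET_COOKIE + "; Path=/"                    # the proposed fix

if __name__ == "__main__":
    print("default path for samlSso POST:", default_path(SSO_URI))
    print("buggy cookie sent to /:", cookie_sent_after_redirect(BUGGY_SET_COOKIE, SSO_URI, REDIRECT_URI))
    print("fixed cookie sent to /:", cookie_sent_after_redirect(FIXED_SET_COOKIE, SSO_URI, REDIRECT_URI))
```

Path is a scoping rule rather than an isolation boundary (RFC 6265 section 8.5), so widening it to `/` does not weaken the session cookie's protection; the attributes that limit exposure are `HttpOnly`, `Secure` and `SameSite`.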

