1

Ok, i'm integrating simpleSAML with symfony as an sp, for my own reasons I don't want to use the sp bundle.

I've setup simplesaml in /simplesaml, as per instructions, and it works a charm.

I'm able to test it with a simple web site test.php, where i do this

$as = new SimpleSAML_Auth_Simple('google');
if($as->isAuthenticated()===false){
    $as->requireAuth();
}
$attributes = $as->getAttributes();
print_r($attributes);

and that works fine, but if i flip it over to my symfony site, i can see symfony resetting the php session cookie, so i assume that it is not able to find the one set by simplesaml.

I tried the same above code in my logincontroller to see if i could get my idp supplied data, i can not, it bounces me through my IDP login and lands me on the simplesaml page, which gives me 'State information lost'

Any help appreciated.

Monsters X
  • 2,638
  • 1
  • 19
  • 21

1 Answers1

1

'State information lost' is pretty generic. The documentation provides a check list of things that can cause the problem

  • Hostname changes. If you visit https://www.example.com and your metadata says https://example.com then the cookie created on the initial visit won't be available.
  • Move between HTTPS and HTTP.
  • Mismatch between the cookie settings (name, path, domain, etc) for SSP and symfony

The SamlTracer plugin for firefox is useful in deciphering what SAML messages are being exchanged, including what attributes the IdP is sending.

Patrick
  • 3,901
  • 1
  • 25
  • 30
  • Thanks, i didn't know about that plugin. Mostly, things seem to be fine, except for symfony using a different session cache than simplesaml is... – Monsters X Mar 16 '16 at 20:41