ExLibrisGroup/primo-explore-devenv

SAML sign-in with devenv

Closed this issue · 7 comments

The sign-in with SAML for my devenv (which I just set up) is not quite working. When I click "Sign-in" I am redirected through a series of steps leading to a successful login, but the Angular application is not updated with the information.

I have no idea whether the view doesn't display right or the backend services don't work right, but I am available to help figure that out.

I did capture a HAR file of the interaction that I will upload.

I will keep digging around and let you know whether this issue is still important to me accomplishing my task. What I am trying to do is write a custom directive which displays differently when a user is logged in and when a user is not logged in, depending on the user group. Since it depends on the user group, I think I need to log in with the devenv.

However, I may not need to if I can figure out which services can be used to provide this information. I see a couple of services related to login and user sessions, as follows:

  • userSessionManagerService
  • loginIframeService
  • jwtUtilService (probably utility code)
  • silentLoginService

Anyway, I will keep digging around.
I may not need this issue fixed, e.g. SAML login not quite working, if I can figure out how to inject the appropriate services to figure out whether a user is logged in from a custom directive, e.g. inject the right services to determine whether a user is logged in.

userSessionManagerService has a signInObservable. My AngularJS is pretty rusty, but it looks like if my custom directive subscribes to this, I will get a callback when a user is logged in. I may also be able to see whether it is firing when login fails.

Hi Dan.

I think the problem is caused by the content of the JWT (authorization token) generated by the login process. After decoding it I saw that the viewId field is empty, which will probably lead the UI to believe that this is not a valid token (for your view).

Are you developing against a Primo or a PrimoVE env?

I deleted your post that contains the HAR file since that allowed me to get your JWT which is sensitive info (could allow someone else to be authenticated as your user).

Disregard my question; I can see from the HAR file that you are a PrimoVE user.

Dan, is the SAML login working when not using the devenv?

Yes - it is still not working from the devenv. It does work from the premium sandbox itself. You yourself can see that it works also with production at https://catalog.nlm.nih.gov/.

The issue we have is that unlike most academic libraries, our potential users are the entire public. However, we are also a closed stack library and physical items may include the letters of Paracelsus. So, we really care a lot about collecting standard patron information before allowing requests. However, because we are federal, we also have a lot of rules about collecting PII this way - and this is made more difficult by our users being the general public.

So embarrassed - the fix for my issue is to include --saml when running:

gulp run --ve --view 01NLM_INST --saml
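
The HAR upload earlier in this thread exposed a usable JWT, so a capture of a login flow should be scrubbed before it is attached to an issue. The following is an added example, not code from the thread or from primo-explore-devenv: a Node.js routine that redacts auth headers, cookies, SAML form fields and JWT-shaped strings from a HAR object, plus an unverified payload decode for checking a claim such as `viewId`. The sample token, the `userName` claim, the `jwtData` key and the `example.invalid` URL are constructed for illustration.

```javascript
const JWT_RE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g;
const SENSITIVE_NAMES = new Set(['authorization', 'cookie', 'set-cookie', 'samlresponse', 'samlrequest']);

// Decode a JWT payload for inspection only; the signature is NOT verified.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Replace anything shaped like a compact JWT inside free text.
const scrubText = (t) => (typeof t === 'string' ? t.replace(JWT_RE, '[REDACTED-JWT]') : t);

// Scrub a HAR name/value list (headers, query string, form params) in place.
const scrubPairs = (pairs) => {
  for (const p of pairs || []) {
    p.value = SENSITIVE_NAMES.has(p.name.toLowerCase()) ? '[REDACTED]' : scrubText(p.value);
  }
};

// Scrub one HAR request or response object in place.
function scrubMessage(msg) {
  if (!msg) return;
  [msg.headers, msg.queryString, msg.postData && msg.postData.params].forEach(scrubPairs);
  for (const c of msg.cookies || []) c.value = '[REDACTED]';
  if (msg.url) msg.url = scrubText(msg.url);
  if (msg.postData) msg.postData.text = scrubText(msg.postData.text);
  // Caveat: bodies stored with encoding "base64" are not matched by JWT_RE.
  if (msg.content) msg.content.text = scrubText(msg.content.text);
}

// Return a scrubbed deep copy; the input HAR object is left untouched.
function sanitizeHar(har) {
  const copy = JSON.parse(JSON.stringify(har));
  for (const entry of copy.log.entries) {
    scrubMessage(entry.request);
    scrubMessage(entry.response);
  }
  return copy;
}

// Constructed sample: a token whose viewId claim is empty, as described in the thread.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sampleJwt = `${b64({ alg: 'HS256' })}.${b64({ userName: 'demo', viewId: '' })}.c2ln`;
const sampleHar = { log: { entries: [{
  request: { url: 'https://example.invalid/login', headers: [{ name: 'Authorization', value: `Bearer ${sampleJwt}` }], postData: { params: [{ name: 'SAMLResponse', value: 'PHNhbWw+' }] } },
  response: { headers: [], content: { text: JSON.stringify({ jwtData: sampleJwt }) } },
}] } };
```

Search the sanitized output for any remaining `eyJ` prefix before sharing, since base64-encoded response bodies are not covered by the pattern.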