I have an application that uses SAML authentication and passes the response back to the return URL supplied by the SP via a cookie. The PHP code looks like this
// setcookie(name, value, expires, path, domain): the domain is the fifth
// argument; passing the host as the fourth argument would make it the cookie path.
setcookie('auth', $cred, time() + 30, '/', parse_url($location, PHP_URL_HOST));
// $_COOKIE holds the cookies sent with the current request, not the one just set above.
error_log($_COOKIE['auth']);
header('Location: ' . $location, true, 303);
die();
The redirect works fine, but the cookie is not set. This is the case with the PHP shown above as well as with document.cookie
I have exported a HAR to look at the request, and it actually looks like the cookie is being set, but it still cannot be accessed via document.cookie. The way it should work is that the application changes window.location to the PHP file that performs the authentication, which sets the cookie and redirects to the return parameter. Judging by the fact that the cookie is sent along with the request, I guess it is being set, but I can't seem to access it.
{
"startedDateTime": "2017-10-27T18:05:36.538Z",
"time": 271.7059999888301,
"request": {
"method": "GET",
"url": "https://supportworkslab.sw.test/sw/selfservice/sso/saml_auth.php?wssinstance=selfservice&returnto=http%3A%2F%2Flocalhost%2Fsw%2Fselfservice",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br"
},
{
"name": "Host",
"value": "supportworkslab.sw.test"
},
{
"name": "Accept-Language",
"value": "en-US,en;q=0.9"
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8"
},
{
"name": "Referer",
"value": "http://localhost/sw/selfservice/"
},
{
"name": "Cookie",
"value": "auth=eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM2MGRjLTBhOTI5NWFlLTQxYzEiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D; SimpleSAMLAuthToken=_04a2be772f96fad7c5e2452846c05df5cbd570305e; SimpleSAML=62d6b2ebea7f66b0360a328dcb4f77a7; PHPSESSID=k9hpb09i3omt43bv7gireeuid0"
},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Cache-Control",
"value": "no-cache"
}
],
"queryString": [
{
"name": "wssinstance",
"value": "selfservice"
},
{
"name": "returnto",
"value": "http%3A%2F%2Flocalhost%2Fsw%2Fselfservice"
}
],
"cookies": [
{
"name": "auth",
"value": "eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM2MGRjLTBhOTI5NWFlLTQxYzEiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "SimpleSAMLAuthToken",
"value": "_04a2be772f96fad7c5e2452846c05df5cbd570305e",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "SimpleSAML",
"value": "62d6b2ebea7f66b0360a328dcb4f77a7",
"expires": null,
"httpOnly": false,
"secure": false
},
{
"name": "PHPSESSID",
"value": "k9hpb09i3omt43bv7gireeuid0",
"expires": null,
"httpOnly": false,
"secure": false
}
],
"headersSize": 996,
"bodySize": 0
},
"response": {
"status": 303,
"statusText": "See Other",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Date",
"value": "Fri, 27 Oct 2017 18:05:36 GMT"
},
{
"name": "Server",
"value": "Apache"
},
{
"name": "Content-Type",
"value": "text/html"
},
{
"name": "Location",
"value": "http://localhost/sw/selfservice"
},
{
"name": "Set-Cookie",
"value": "SimpleSAML=62d6b2ebea7f66b0360a328dcb4f77a7; path=/; HttpOnly"
},
{
"name": "Set-Cookie",
"value": "PHPSESSID=k9hpb09i3omt43bv7gireeuid0; path=/; HttpOnly"
},
{
"name": "Set-Cookie",
"value": "auth=eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM3NTcwLTBhZTJmNzAzLTNmMTIiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D; expires=Fri, 27-Oct-2017 18:06:36 GMT; Max-Age=60; domain=localhost"
},
{
"name": "Cache-Control",
"value": "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
},
{
"name": "Content-Security-Policy",
"value": "default-src 'self' *.sw.test; frame-src *.twitter.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.twitter.com *.twimg.com; style-src 'self' 'unsafe-inline' *.twitter.com *.twimg.com; img-src 'self' data: *.twimg.com *.twitter.com;"
},
{
"name": "Connection",
"value": "Keep-Alive"
},
{
"name": "Keep-Alive",
"value": "timeout=5, max=100"
},
{
"name": "Content-Length",
"value": "0"
},
{
"name": "Expires",
"value": "Thu, 19 Nov 1981 08:52:00 GMT"
}
],
"cookies": [
{
"name": "SimpleSAML",
"value": "62d6b2ebea7f66b0360a328dcb4f77a7",
"path": "/",
"expires": null,
"httpOnly": true,
"secure": false
},
{
"name": "PHPSESSID",
"value": "k9hpb09i3omt43bv7gireeuid0",
"path": "/",
"expires": null,
"httpOnly": true,
"secure": false
},
{
"name": "auth",
"value": "eyJzdWNjZXNzIjoiQXV0aGVudGljYXRpb24gc3VjY2VzcyEiLCJjdXN0aWQiOiJhbGFuYyIsInNlc3Npb25JZCI6IjU5ZjM3NTcwLTBhZTJmNzAzLTNmMTIiLCJ3ZWJGbGFncyI6IjIxNDc0ODk1NTEiLCJjYWxsQ2xhc3MiOiJJbmNpZGVudCIsImFzc2lnbkdyb3VwIjoiU1VQUE9SVCIsImFzc2lnbkFuYWx5c3QiOiIifQ%3D%3D",
"domain": "localhost",
"expires": "2017-10-27T18:06:36.254Z",
"httpOnly": false,
"secure": false
}
],
"content": {
"size": 0,
"mimeType": "text/html",
"compression": 0
},
"redirectURL": "http://localhost/sw/selfservice",
"headersSize": 1104,
"bodySize": 0,
"_transferSize": 1104
},
Answer 0 (score: 0)
Make sure the $cred var is defined and holds a valid string
Make sure the result of the parse_url() function on $location returns a valid string... it has to match exactly the domain you are working with, so watch out for subdomain issues.
Obviously make sure you check it before it expires... 60 seconds.
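Added example (not from the question or the answer): the user-agent check from RFC 6265 that decides whether a Set-Cookie header is stored or silently discarded, applied to the HAR above, where a response from supportworkslab.sw.test sets domain=localhost. It goes beyond that single case to the general domain-match rule the answer alludes to; the alternative Domain values are constructed, and the public-suffix check of the same RFC section is omitted.

```python
"""Browser-side Domain check: RFC 6265 section 5.3 step 6, using the
domain-match rule of section 5.1.3. Host names are taken from the HAR
in the question; the other Set-Cookie headers below are constructed."""


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """request_host domain-matches cookie_domain when they are equal, or
    cookie_domain is a suffix of request_host starting at a label boundary
    and request_host is not an IP address (RFC 6265 section 5.1.3)."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")  # a leading dot is ignored
    if host == domain:
        return True
    is_ipv4 = all(part.isdigit() for part in host.split("."))
    return host.endswith("." + domain) and not is_ipv4


def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie header into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return {"name": name.strip(), "value": value, "attrs": attrs}


def cookie_would_be_stored(response_host: str, set_cookie_header: str) -> bool:
    """True if a browser receiving set_cookie_header in a response from
    response_host keeps the cookie, False if it is discarded."""
    cookie = parse_set_cookie(set_cookie_header)
    domain = cookie["attrs"].get("domain")
    if domain is None:
        return True  # no Domain attribute: host-only cookie, always accepted
    # Step 6: a Domain attribute that does not cover the responding host
    # makes the user agent ignore the whole cookie, which is what the HAR shows.
    return domain_matches(response_host, domain)


RESPONSE_HOST = "supportworkslab.sw.test"  # host that sent the 303 in the HAR
# Same attributes as the HAR's Set-Cookie; the opaque value is a placeholder.
HAR_SET_COOKIE = ("auth=PLACEHOLDER; expires=Fri, 27-Oct-2017 18:06:36 GMT; "
                  "Max-Age=60; domain=localhost")

if __name__ == "__main__":
    for header in (HAR_SET_COOKIE,                       # dropped: localhost != responding host
                   "auth=v; Max-Age=60; domain=sw.test",  # kept: parent domain of the host
                   "auth=v; Max-Age=60; domain=.sw.test",  # kept: leading dot ignored
                   "auth=v; Max-Age=60; domain=lab.sw.test",  # dropped: not a label boundary
                   "auth=v; Max-Age=60"):                # kept: host-only cookie
        print(cookie_would_be_stored(RESPONSE_HOST, header), "<-", header)
```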