/auth/saml doesn't redirect to deep-linked pages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Medium
|
PiersHarding |
Bug Description
/auth/saml/
The attached patch makes it so that it redirects to whatever page sent it to the /auth/saml/
A couple of notes:
1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction. You may want to refactor that part, unless what I did happens to make sense in the context.
2) I suppose there should be a config option to force redirecting to a front page and forbid deep-linking? Not sure.
Patch applies to both 1.3_STABLE and master.
Changed in mahara: | |
status: | New → Fix Committed |
Changed in mahara: | |
milestone: | none → 1.4.0 |
status: | Fix Committed → Fix Released |
assignee: | nobody → PiersHarding (piersharding) |
importance: | Undecided → Medium |
Hello Rich,
I do not have SAML installation to test it unfortinately. Can you please tell me what (! $saml_session- >getIdP( )) condition statement checks for, is that check a necessary one?
Also, it is probably needed to unset session variable before final redirection.
Can you please test the patch below (apply it instead of yours, not on top)?