Comment 3 for bug 688395

When I run with your patch, I get:
  Fatal error: Call to a member function get() on a non-object in /web/mahara/mahara/htdocs/auth/saml/index.php on line 82

$SESSION has not been initialized, so that would seem to be the problem. Previously, I had played around with instantiating the object early, but that seemed to have other undesirable side effects that I am unable to recall right now.

If I understand correctly, when saml_session->getIdP() returns something, that means that we've been directed back to index.php, so the referer is the IdP. If it's *not* set, then it's our first time through, so the referer should be the Mahara page the user wants. Admittedly, there may be room for improvement in that logic and/or there may be things about SAML/etc. that I'm failing to take into consideration. But it does seem to work in my environment.