mahara-contributors team mailing list archive

[Rich Trott <688395@xxxxxxxxxxxxxxxxxx>]

When I run with your patch, I get:
  Fatal error: Call to a member function get() on a non-object in /web/mahara/mahara/htdocs/auth/saml/index.php on line 82

$SESSION has not been initialized, so that would seem to be the problem.
Previously, I had played around with instantiating the object early, but
that seemed to have other undesirable side effects that I am unable to
recall right now.

If I understand correctly, when saml_session->getIdP() returns
something, that means that we've been directed back to index.php, so the
referer is the IdP.  If it's *not* set, then it's our first time
through, so the referer should be the Mahara page the user wants.
Admittedly, there may be room for improvement in that logic and/or there
may be things about SAML/etc. that I'm failing to take into
consideration.  But it does seem to work in my environment.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/688395

Title:
  /auth/saml doesn't redirect to deep-linked pages

Status in Mahara ePortfolio:
  New

Bug description:
  /auth/saml/index.php always redirects to $CFG->wwwroot, even when the original page requested is something else.

The attached patch makes it so that it redirects to whatever page sent it to the /auth/saml/index.php in the first place.

A couple of notes:

1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction.  You may want to refactor that part, unless what I did happens to make sense in the context.

2)  I suppose there should be a config option to force redirecting to a front page and forbid deep-linking?  Not sure.

Patch applies to both 1.3_STABLE and master.