mahara-contributors team mailing list archive

Thread
Date

[Bug 688395] Re: /auth/saml doesn't redirect to deep-linked pages

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Rich Trott <688395@xxxxxxxxxxxxxxxxxx>
Date: Fri, 10 Dec 2010 23:07:31 -0000
Reply-to: Bug 688395 <688395@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I applied your patch, and then moved these two lines directly above the
check for samluserfrom in the session.

require_once(dirname(dirname(dirname(__FILE__))) . '/auth/lib.php');
$SESSION = Session::singleton();

If I did that, a successful login was redirected to /auth/saml (which
then reports an error) rather than to the page I requested.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/688395

Title:
  /auth/saml doesn't redirect to deep-linked pages

Status in Mahara ePortfolio:
  New

Bug description:
  /auth/saml/index.php always redirects to $CFG->wwwroot, even when the original page requested is something else.

The attached patch makes it so that it redirects to whatever page sent it to the /auth/saml/index.php in the first place.

A couple of notes:

1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction.  You may want to refactor that part, unless what I did happens to make sense in the context.

2)  I suppose there should be a config option to force redirecting to a front page and forbid deep-linking?  Not sure.

Patch applies to both 1.3_STABLE and master.

References

[Bug 688395] [NEW] /auth/saml doesn't redirect to deep-linked pages
From: Rich Trott, 2010-12-10