mahara-contributors team mailing list archive

[Rich Trott <688395@xxxxxxxxxxxxxxxxxx>]

I'm attaching a slightly improved patch.  Improvements from my first
attempt:

1) It uses the Session object rather than the $_SESSION variable.
2) As you (Ruslan) recommended, it clears the wantsurl data out of the Session object.

I tried to move the reading of wantsurl (and clearing of the wantsurl
data) to immediately before the redirect that uses $wants_url (which
would eliminate the passing of $wants_url as a parameter to
simplesaml_init()), but by that point, the Session object has been
transformed somewhere somehow (part of the SAML process inherently?),
and the data is already gone.

** Patch added: "0001-saml-redirect-to-deep-linked-pages-bug-688395.patch"
   https://bugs.launchpad.net/mahara/+bug/688395/+attachment/1762277/+files/0001-saml-redirect-to-deep-linked-pages-bug-688395.patch

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/688395

Title:
  /auth/saml doesn't redirect to deep-linked pages

Status in Mahara ePortfolio:
  New

Bug description:
  /auth/saml/index.php always redirects to $CFG->wwwroot, even when the original page requested is something else.

The attached patch makes it so that it redirects to whatever page sent it to the /auth/saml/index.php in the first place.

A couple of notes:

1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction.  You may want to refactor that part, unless what I did happens to make sense in the context.

2)  I suppose there should be a config option to force redirecting to a front page and forbid deep-linking?  Not sure.

Patch applies to both 1.3_STABLE and master.