
mahara-contributors team mailing list archive

[Bug 688395] Re: /auth/saml doesn't redirect to deep-linked pages

 

Hi - 
Thanks for looking into this problem - this is much easier to fix in Moodle than Mahara as Moodle already has the concept of wantsurl built into the authentication system.

I have committed a hybrid fix to HEAD that will preserve a wantsurl
query string parameter throughout the saml authentication redirection
process, based on what is initially stuffed in the session relating to
simplesamlphp.  Incidentally, this is where all the grief comes from
with saml and sessions, as the session management scheme configured for
ssphp is not necessarily the same as for mahara, and there is an added
complication of ssphp registered shutdown handlers.

So - if a user goes to
http://mahara.local.net/maharadev/auth/saml/?wantsurl=http://mahara.local.net/maharadev/user/view.php...
then they will end up at
http://mahara.local.net/maharadev/user/view.php... after logging in.

I realise that this is not a complete solution as wantsurl is not being
automatically determined by the initial access attempt (e.g. go to
http://mahara.local.net/maharadev/user/view.php?id=2 but get the login
to Mahara screen), but there is another step that needs to be resolved
here, in that the default login screen needs to detect that the user is
not logged in and have the capacity to offer a 'click here to login via
SSO' link (plugin would need to calculate this link), or completely
override the login challenge screen and redirect to /auth/saml (don't
like this option as SAML should not be the only auth mechanism available
- need a backup option..).

Cheers,
Piers Harding.


** Bug watch added: mahara.local.net/maharadev/user/ #2
   http://mahara.local.net/maharadev/user/view.php?id=2

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/688395

Title:
  /auth/saml doesn't redirect to deep-linked pages

Status in Mahara ePortfolio:
  New

Bug description:
  /auth/saml/index.php always redirects to $CFG->wwwroot, even when the original page requested is something else.

The attached patch makes it so that it redirects to whatever page sent it to the /auth/saml/index.php in the first place.

A couple of notes:

1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction.  You may want to refactor that part, unless what I did happens to make sense in the context.

2)  I suppose there should be a config option to force redirecting to a front page and forbid deep-linking?  Not sure.

Patch applies to both 1.3_STABLE and master.
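
Because the fix described above carries an absolute URL in the wantsurl query parameter through the SAML redirects, the final redirect target is request-supplied. The following is an added example, not code from the committed fix or from Mahara: one way to accept wantsurl only when it points under wwwroot and otherwise fall back to wwwroot. The helper name safe_wantsurl() and the example.org sample URLs are assumptions made for illustration.

```php
<?php
// Added example, not Mahara's code. safe_wantsurl() is a hypothetical helper.

function safe_wantsurl(?string $wantsurl, string $wwwroot): string {
    $root = rtrim($wwwroot, '/') . '/';
    if ($wantsurl === null || $wantsurl === '') {
        return $root;
    }
    // Whitespace, control characters and backslashes are not valid in a URL
    // and are parsed inconsistently, so refuse them outright.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $wantsurl)) {
        return $root;
    }
    $want = parse_url($wantsurl);
    $base = parse_url($root);
    if (!is_array($want) || !is_array($base)
        || !isset($want['scheme'], $want['host'], $base['scheme'], $base['host'])) {
        return $root;   // relative, scheme-less or unparseable
    }
    if (isset($want['user']) || isset($want['pass'])) {
        return $root;   // no userinfo in front of the host
    }
    // An explicit default port (":80") counts as a mismatch and falls back.
    $same_origin = strtolower($want['scheme']) === strtolower($base['scheme'])
        && strtolower($want['host']) === strtolower($base['host'])
        && ($want['port'] ?? null) === ($base['port'] ?? null);
    $path = $want['path'] ?? '/';
    $under_root = strncmp($path, $base['path'], strlen($base['path'])) === 0;
    return ($same_origin && $under_root) ? $wantsurl : $root;
}

// Constructed inputs; wwwroot is the development site named in the message.
$wwwroot = 'http://mahara.local.net/maharadev';
$samples = [
    'http://mahara.local.net/maharadev/user/view.php?id=2', // kept
    'http://mahara.local.net.example.org/maharadev/',       // different host
    '//example.org/maharadev/',                             // no scheme
    'http://mahara.local.net/other/',                       // outside wwwroot
];
foreach ($samples as $s) {
    echo $s, ' => ', safe_wantsurl($s, $wwwroot), PHP_EOL;
}
```

Only the first sample is returned unchanged; the other three resolve to http://mahara.local.net/maharadev/.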




