mahara-contributors team mailing list archive

[Launchpad Bug Tracker <1689685@xxxxxxxxxxxxxxxxxx>]

[Expired for Mahara because there has been no activity for 60 days.]

** Changed in: mahara
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1689685

Title:
  SAML SSO authentication doesn't work as SimpleSAMLphp generates non-
  existent AssertionConsumerServiceURL

Status in Mahara:
  Expired

Bug description:
  Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthRequest.

  Mahara 16.10.3 and CentOS Linux release 7.2

  Since 16.10.x release, the SimpleSAMLphp library is included as a
  managed dependency with the Mahara codebase.

  We noticed that before sending an AuthRequest to an IDP, it generates
  wrong AssertionConsumerServiceURL behaving like it is hosted
  separately with Mahara which ends up in SSO failure.

  In our case, it generates  https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
  instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp.

  We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php
  and
  $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)); defined in htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php line 189.

  As a workaround, we have hacked the SimpleSAMLphp library for
  generating correct AssertionConsumerServiceURL which solves this
  issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1689685/+subscriptions