saml: Use RelayState to save return URL for unsoliced response.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1786 44740490-163a-0410-bde0-09ae8108e29a

saml: Use RelayState to save return URL for unsoliced response.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1786 44740490-163a-0410-bde0-09ae8108e29a
3b2f4e77 · Olav Morken · c695a532 · 3b2f4e77 · 3b2f4e77
Commit 3b2f4e77 authored 15 years ago by Olav Morken
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -170,6 +170,10 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
 		$ar->setProtocolBinding(SAML2_Const::BINDING_HTTP_POST);

+		if (isset($state['SimpleSAML_Auth_Default.ReturnURL'])) {
+			$ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
+		}
+
 		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
 		$ar->setId($id);

@@ -386,7 +390,11 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$state['Attributes'] = $authProcState['Attributes'];

 		if (isset($state['saml:sp:isUnsoliced']) && (bool)$state['saml:sp:isUnsoliced']) {
-			$redirectTo = $source->getMetadata()->getString('RelayState', '/');
+			if (isset($state['saml:sp:RelayState'])) {
+				$redirectTo = $state['saml:sp:RelayState'];
+			} else {
+				$redirectTo = $source->getMetadata()->getString('RelayState', '/');
+			}
 			SimpleSAML_Auth_Default::handleUnsolicedAuth($sourceId, $state, $redirectTo);
 		}


--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -28,6 +28,7 @@ if (!empty($stateId)) {
 	$state = array(
 		'saml:sp:isUnsoliced' => TRUE,
 		'saml:sp:AuthId' => $sourceId,
+		'saml:sp:RelayState' => $response->getRelayState(),
 	);
 }