From 7facb172a4c63c5b307d0f2bb012f5fe57d62cda Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 26 Oct 2009 13:18:56 +0000
Subject: [PATCH] saml: Make it possible to go back to the discovery service page after starting SSO.
Fixes issue 230
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1900 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/Auth/Source/SP.php | 6 +++---
 modules/saml/www/sp/discoresp.php | 2 +-
 modules/saml/www/sp/saml1-acs.php | 8 +++++++-
 modules/saml/www/sp/saml2-acs.php | 2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index 12fb37aea..3c4921be8 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -146,7 +146,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
 $ar->setIssuer($this->entityId);
- $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1');
+ $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 $ar->setRelayState($id);
 $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
@@ -185,7 +185,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 $ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
 }
- $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
+ $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 $ar->setId($id);
 $b = new SAML2_HTTPRedirect();
@@ -229,7 +229,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 */
 private function startDisco(array $state) {
- $id = SimpleSAML_Auth_State::saveState($state, 'saml:disco');
+ $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 $config = SimpleSAML_Configuration::getInstance();
diff --git a/modules/saml/www/sp/discoresp.php b/modules/saml/www/sp/discoresp.php
index 940d47bf1..6d9af381e 100644
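Review bot: The startDisco hunk (@@ -229) now saves discovery state under the same stage, `'saml:sp:sso'`, as the two request-sending hunks at @@ -146 and @@ -185, and nothing next to the call explains the trade-off. Judging from the visible lines, the separate stage names were what kept a state ID handed to the discovery service from being accepted by a response handler, so the reason for merging them should be recorded where the state is saved. I would add above the saveState call in startDisco: `/* Same stage as the SSO requests so the user can return to discovery; response handlers must check that a request was actually sent. */`. The literal is also repeated in every saveState/loadState call this patch touches, so a single class constant would keep the six sites from drifting apart. startDisco's body continues outside the hunk.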
--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -12,7 +12,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
 throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler');
 }
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:disco');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:sp:sso');
 /* Find authentication source. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml1-acs.php
index 1568f06c2..11bbd1b32 100644
--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -18,7 +18,7 @@ $sourceId = substr($sourceId, 1, $end - 1);
 $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
 /* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
@@ -26,6 +26,12 @@ if ($state['saml:sp:AuthId'] !== $sourceId) {
 throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
 }
+if (!isset($state['saml:idp'])) {
+ /* We seem to have received a response without sending a request. */
+ throw new SimpleSAML_Error_Exception('SAML 1 response received before SAML 1 request.');
+}
+
+
 $spMetadata = $source->getMetadata();
 $idpEntityId = $state['saml:idp'];
diff --git a/modules/saml/www/sp/saml1-acs.php b/modules/saml/www/sp/saml2-acs.php
index 7e7440036..1cd68509c 100644
--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
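Review bot: The new `isset($state['saml:idp'])` guard in saml1-acs.php (@@ -26) shows that an IdP was selected, not that a SAML 1 request was sent, which is what its exception message claims. With the stage unified in the @@ -18 hunk, a state saved by the SAML 2 request path in SP.php loads here too, and if that path also stores `saml:idp` (not visible in this diff) the guard passes for it. Recording which protocol issued the request in `$state` before `saveState`, and comparing that marker here, would restore what the old `'saml:sp:ssosent-saml1'` stage enforced. At minimum the comment should be narrowed to `/* No IdP recorded in the state: discovery was started but no request was sent. */`.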
@@ -16,7 +16,7 @@ if (!($response instanceof SAML2_Response)) {
 $stateId = $response->getInResponseTo();
 if (!empty($stateId)) {
 /* This is a response to a request we sent earlier. */
- $state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:ssosent-saml2');
+ $state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso');
 /* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
-- GitLab
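Review bot: Unlike saml1-acs.php, this endpoint gets no guard for a state that never left the discovery step. After the change, `loadState($stateId, 'saml:sp:sso')` also accepts a state written by startDisco, whose ID went to the discovery service and was never placed in an AuthnRequest, yet the comment above still treats any match as "a response to a request we sent earlier". If the SAML 2 start path stores the chosen IdP in `saml:idp` as the SAML 1 code does (not visible here), add after the loadState call `if (!isset($state['saml:idp'])) { throw new SimpleSAML_Error_Exception('SAML 2 response received before SAML 2 request.'); }`. The stored IdP should also be compared with the issuer of the response, unless the code below the hunk already does so. The `if (!empty($stateId))` block continues outside the hunk.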