Commit 7facb172 authored by Olav Morken's avatar Olav Morken

saml: Make it possible to go back to the discovery service page after starting SSO.

Fixes issue 230

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1900 44740490-163a-0410-bde0-09ae8108e29a
parent 2f850f4c
...@@ -146,7 +146,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -146,7 +146,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$ar = new SimpleSAML_XML_Shib13_AuthnRequest(); $ar = new SimpleSAML_XML_Shib13_AuthnRequest();
$ar->setIssuer($this->entityId); $ar->setIssuer($this->entityId);
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
$ar->setRelayState($id); $ar->setRelayState($id);
$useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL); $useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
...@@ -185,7 +185,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -185,7 +185,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
$ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']); $ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
} }
$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
$ar->setId($id); $ar->setId($id);
$b = new SAML2_HTTPRedirect(); $b = new SAML2_HTTPRedirect();
...@@ -229,7 +229,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source { ...@@ -229,7 +229,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
*/ */
private function startDisco(array $state) { private function startDisco(array $state) {
$id = SimpleSAML_Auth_State::saveState($state, 'saml:disco'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
$config = SimpleSAML_Configuration::getInstance(); $config = SimpleSAML_Configuration::getInstance();
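Review bot: All three saveState() calls in this section now share the single stage 'saml:sp:sso', so the stage argument no longer tells a handler whether a state was saved by startDisco() before an IdP was chosen or after a SAML 1 / SAML 2 request was sent, and no comment records that this is deliberate. I would add a comment at the startDisco() call, for example `/* Shared stage: the user may return to discovery after SSO has started, so response handlers must check $state['saml:idp'] themselves. */`, with a short pointer to it at the other two calls. The enclosing functions start and end outside these hunks, so the rest of their state handling is not visible here.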
......
...@@ -12,7 +12,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) { ...@@ -12,7 +12,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler'); throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler');
} }
$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:disco'); $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:sp:sso');
/* Find authentication source. */ /* Find authentication source. */
assert('array_key_exists("saml:sp:AuthId", $state)'); assert('array_key_exists("saml:sp:AuthId", $state)');
......
...@@ -18,7 +18,7 @@ $sourceId = substr($sourceId, 1, $end - 1); ...@@ -18,7 +18,7 @@ $sourceId = substr($sourceId, 1, $end - 1);
$source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP'); $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1'); $state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
/* Check that the authentication source is correct. */ /* Check that the authentication source is correct. */
assert('array_key_exists("saml:sp:AuthId", $state)'); assert('array_key_exists("saml:sp:AuthId", $state)');
...@@ -26,6 +26,12 @@ if ($state['saml:sp:AuthId'] !== $sourceId) { ...@@ -26,6 +26,12 @@ if ($state['saml:sp:AuthId'] !== $sourceId) {
throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.'); throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
} }
if (!isset($state['saml:idp'])) {
/* We seem to have received a response without sending a request. */
throw new SimpleSAML_Error_Exception('SAML 1 response received before SAML 1 request.');
}
$spMetadata = $source->getMetadata(); $spMetadata = $source->getMetadata();
$idpEntityId = $state['saml:idp']; $idpEntityId = $state['saml:idp'];
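Review bot: The new guard throws the generic SimpleSAML_Error_Exception for a condition caused by the incoming request, namely a response that refers to a state in which no IdP has been selected. The discovery response handler in this same commit reports bad input with SimpleSAML_Error_BadRequest, and using it here would be consistent and would probably keep unsolicited responses from being reported as internal errors: `throw new SimpleSAML_Error_BadRequest('SAML 1 response received before SAML 1 request.');`. With the shared stage this isset() check is the only thing separating a discovery-stage state from a request-sent one, so a one-line comment saying so would help the next reader.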
......
...@@ -16,7 +16,7 @@ if (!($response instanceof SAML2_Response)) { ...@@ -16,7 +16,7 @@ if (!($response instanceof SAML2_Response)) {
$stateId = $response->getInResponseTo(); $stateId = $response->getInResponseTo();
if (!empty($stateId)) { if (!empty($stateId)) {
/* This is a response to a request we sent earlier. */ /* This is a response to a request we sent earlier. */
$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:ssosent-saml2'); $state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso');
/* Check that the authentication source is correct. */ /* Check that the authentication source is correct. */
assert('array_key_exists("saml:sp:AuthId", $state)'); assert('array_key_exists("saml:sp:AuthId", $state)');
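Review bot: The SAML 2 handler gets no counterpart to the `isset($state['saml:idp'])` guard that this commit adds to the SAML 1 handler. With the shared 'saml:sp:sso' stage, loadState() here will also accept a state that startDisco() saved before any AuthnRequest was sent. Unless a check further down (outside this hunk) already covers it, and assuming the SAML 2 path stores the chosen IdP under the same key, I would add after the AuthId comparison: `if (!isset($state['saml:idp'])) { throw new SimpleSAML_Error_Exception('SAML 2 response received before SAML 2 request.'); }`. It would also be worth comparing the response issuer with the stored IdP there, so that a response from an IdP other than the selected one is rejected explicitly. The if-block opened in this hunk closes outside it.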
......