saml: Make it possible to go back to the discovery service page after starting SSO.

Fixes issue 230 git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1900 44740490-163a-0410-bde0-09ae8108e29a

saml: Make it possible to go back to the discovery service page after starting SSO.
7facb172 · Olav Morken · 2f850f4c · 7facb172 · 7facb172 · 7facb172
Commit 7facb172 authored 15 years ago by Olav Morken
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -146,7 +146,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$ar = new SimpleSAML_XML_Shib13_AuthnRequest();
 		$ar->setIssuer($this->entityId);
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml1');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 		$ar->setRelayState($id);
 		$useArtifact = $idpMetadata->getBoolean('saml1.useartifact', NULL);
@@ -185,7 +185,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 			$ar->setRelayState($state['SimpleSAML_Auth_Default.ReturnURL']);
 		}
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:ssosent-saml2');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 		$ar->setId($id);
 		$b = new SAML2_HTTPRedirect();
@@ -229,7 +229,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 	 */
 	private function startDisco(array $state) {
-		$id = SimpleSAML_Auth_State::saveState($state, 'saml:disco');
+		$id = SimpleSAML_Auth_State::saveState($state, 'saml:sp:sso');
 		$config = SimpleSAML_Configuration::getInstance();

--- a/modules/saml/www/sp/discoresp.php
+++ b/modules/saml/www/sp/discoresp.php
@@ -12,7 +12,7 @@ if (!array_key_exists('idpentityid', $_REQUEST)) {
 	throw new SimpleSAML_Error_BadRequest('Missing idpentityid to discovery service response handler');
 }
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:disco');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthID'], 'saml:sp:sso');
 /* Find authentication source. */
 assert('array_key_exists("saml:sp:AuthId", $state)');

--- a/modules/saml/www/sp/saml1-acs.php
+++ b/modules/saml/www/sp/saml1-acs.php
@@ -18,7 +18,7 @@ $sourceId = substr($sourceId, 1, $end - 1);
 $source = SimpleSAML_Auth_Source::getById($sourceId, 'sspmod_saml_Auth_Source_SP');
-$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:ssosent-saml1');
+$state = SimpleSAML_Auth_State::loadState($_REQUEST['TARGET'], 'saml:sp:sso');
 /* Check that the authentication source is correct. */
 assert('array_key_exists("saml:sp:AuthId", $state)');
@@ -26,6 +26,12 @@ if ($state['saml:sp:AuthId'] !== $sourceId) {
 	throw new SimpleSAML_Error_Exception('The authentication source id in the URL does not match the authentication source which sent the request.');
 }
+if (!isset($state['saml:idp'])) {
+	/* We seem to have received a response without sending a request. */
+	throw new SimpleSAML_Error_Exception('SAML 1 response received before SAML 1 request.');
+}
 $spMetadata = $source->getMetadata();
 $idpEntityId = $state['saml:idp'];

--- a/modules/saml/www/sp/saml2-acs.php
+++ b/modules/saml/www/sp/saml2-acs.php
@@ -16,7 +16,7 @@ if (!($response instanceof SAML2_Response)) {
 $stateId = $response->getInResponseTo();
 if (!empty($stateId)) {
 	/* This is a response to a request we sent earlier. */
-	$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:ssosent-saml2');
+	$state = SimpleSAML_Auth_State::loadState($stateId, 'saml:sp:sso');
 	/* Check that the authentication source is correct. */
 	assert('array_key_exists("saml:sp:AuthId", $state)');