Public bug reported: Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthRequest.
Mahara 16.10.3 and CentOS Linux release 7.2 Since 16.10.x release, the SimpleSAMLphp library is included as a managed dependency with the Mahara codebase. We noticed that before sending an AuthRequest to an IDP, it generates wrong AssertionConsumerServiceURL behaving like it is hosted separately with Mahara which ends up in SSO failure. In our case, it generates https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp. We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php and $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)); defined in htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php line 189. As a workaround, we have hacked the SimpleSAMLphp library for generating correct AssertionConsumerServiceURL which solves this issue. ** Affects: mahara Importance: Undecided Status: New ** Description changed: - Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthnRequest. + Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthRequest. Mahara 16.10.3 and CentOS Linux release 7.2 - - Since 16.10.x release, the SimpleSAMLphp library is included as a managed dependency with the Mahara codebase. + Since 16.10.x release, the SimpleSAMLphp library is included as a + managed dependency with the Mahara codebase. We noticed that before sending an AuthRequest to an IDP, it generates wrong AssertionConsumerServiceURL behaving like it is hosted separately with Mahara which ends up in SSO failure. - In our case, it generates https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp - instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp. + In our case, it generates https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp + instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp. - We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php + We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php and $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)); defined in htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php line 189. As a workaround, we have hacked the SimpleSAMLphp library for generating correct AssertionConsumerServiceURL which solves this issue. -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1689685 Title: SAML SSO authentication doesn't work as SimpleSAMLphp generates non- existent AssertionConsumerServiceURL Status in Mahara: New Bug description: Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthRequest. Mahara 16.10.3 and CentOS Linux release 7.2 Since 16.10.x release, the SimpleSAMLphp library is included as a managed dependency with the Mahara codebase. We noticed that before sending an AuthRequest to an IDP, it generates wrong AssertionConsumerServiceURL behaving like it is hosted separately with Mahara which ends up in SSO failure. In our case, it generates https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp. We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php and $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)); defined in htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php line 189. As a workaround, we have hacked the SimpleSAMLphp library for generating correct AssertionConsumerServiceURL which solves this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1689685/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : mahara-contributors@lists.launchpad.net Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
