Looking at the code I suspect its worked for some but not others is due to public function startSSO($idp, array $state)
in extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php where startSSO1 doesn't call the setAssertionConsumerServiceURL() but startSSO2 does The problem with fixing this is we can't patch the files in extlib/simplesamlphp/ subdir as they are fetched/installed via the make ssphp in the core code I'll have to check with our saml guru to see if we can workaround this via the saml config file -- You received this bug notification because you are a member of Mahara Contributors, which is subscribed to Mahara. Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it! https://bugs.launchpad.net/bugs/1689685 Title: SAML SSO authentication doesn't work as SimpleSAMLphp generates non- existent AssertionConsumerServiceURL Status in Mahara: New Bug description: Wrong AssertionConsumerServiceURL is genereated in SAML2-AuthRequest. Mahara 16.10.3 and CentOS Linux release 7.2 Since 16.10.x release, the SimpleSAMLphp library is included as a managed dependency with the Mahara codebase. We noticed that before sending an AuthRequest to an IDP, it generates wrong AssertionConsumerServiceURL behaving like it is hosted separately with Mahara which ends up in SSO failure. In our case, it generates https://localhost/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp instead of https://localhost/auth/saml/sp/saml2-acs.php/default-sp. We tracked down that it is generated using 'baseurlpath' => 'simplesaml/' defined in htdocs/auth/saml/config/config.php and $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId)); defined in htdocs/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php line 189. As a workaround, we have hacked the SimpleSAMLphp library for generating correct AssertionConsumerServiceURL which solves this issue. To manage notifications about this bug go to: https://bugs.launchpad.net/mahara/+bug/1689685/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~mahara-contributors Post to : [email protected] Unsubscribe : https://launchpad.net/~mahara-contributors More help : https://help.launchpad.net/ListHelp
