1) I don't grok what's going on with the SESSION stuff...closing the session to let SAML do its thing, then opening the session again...so I just wrote directly to the $_SESSION array rather than using the abstraction. You may want to refactor that part, unless what I did happens to make sense in the context.
2) I suppose there should be a config option to force redirecting to a front page and forbid deep-linking? Not sure.
The patch can be found at https://bugs.launchpad.net/mahara/+bug/688395.
]]>the auth/saml plugin does need an improvement to remember the original target URL when a user is forced around the login loop (eg. user goes to /user/view.php?id=123 ->redirected to /auth/saml/ -> some how knows to get back to /user/view.php?id=123 again...).
This has been done in Moodle with the wantsurl parameter, and something similar would work here (when I get enough tuits to make the change).
Cheers,
Piers Harding.
]]>For instance, if you send the user to /auth/saml for authentication, the user is just sent to the Mahara home page after authentication, but the user originally wanted to go to /user/view.php?id=123. Is there a way to tell /auth/saml that the user needs to go to /user/view.php?id=123 after authentication?
Thanks!
]]>For example, if you are not logged in and go to a URL like http://mahara.example.com/user/view.php?id=123, you get a login prompt that is incompatible with Shibboleth.
This is different than the prompt generated on the home page, which can be overridden in your theme with templates/sideblocks/login.tpl.
Instead, in the deep-linking case, the login prompt is generated by the JavaScript function show_login_form() in js/mahara.js.
I'm not sure what the best way to override that is. Maybe I have exceptionally weak Google Fu and jet-lag today.
]]>BTW there is little difference between the Internet2 Shibboleth 2.x SAML Service Provider and the SimpleSAMLPHP SAML Service Provider except for the Shibboleth SP supporting more SAML profiles and IMHO is easier to integrate into an some applications. And while I've used SSP for a number of federated sites I myself am happier using the Shiiboleth. Hey its one of those religion thangs.
Once I'm finished smooth over the cracks I'll put it up somewhere; perhaps of the Mahara plugin wiki site.
Found the bug: https://eduforge.org/tracker/index.php?func=detail&aid=3424&group_id=176&atid=739
]]>I'm not using it up to this date, but I've read the shibboleth web page and, I promise, I'll try it. It sounds very interesting and useful. Sincerely. Fred
So, I would like to know if some body is already working on a shibboleth auth plugins?
thanks in advance,
Hélène