Returning from IDP after login not working properly


Rick Warren

Apr 17, 2015, 12:26:39 PM
to simple...@googlegroups.com
To illustrate it properly:

The user is redirected to the SP from http://www.example.com/path/to/index.php
and then redirected to the IDP with the RelayState of http://sp.example.com/path/to/index.php.
The user logs in and is then redirected to http://sp.example.com/path/to/index.php, which does not exist.

This is wrong; the user should be redirected to http://www.example.com/path/to/index.php


Why is this happening and how do I fix it?

DeLong Zachery

Apr 17, 2015, 4:30:41 PM
to simple...@googlegroups.com
It’s almost definitely an issue with the metadata being sent back and forth. Offhand, check the saml20-sp-remote.php file in the metadata/ directory.


Rick Warren

Apr 17, 2015, 5:09:55 PM
to simple...@googlegroups.com
That file on the IDP has like 15 different service providers defined in it, the latest being the service provider in question. I took this straight from the federation page on the service provider admin site.

What would I be looking for here exactly?

Rick Warren

Apr 17, 2015, 7:40:07 PM
to simple...@googlegroups.com
Here is the output of the HTML headers on the page that calls $as->requireAuth();

HTTP/?.? 302 Found
Server: nginx/1.6.3
Date: Fri, 17 Apr 2015 23:34:40 GMT
Content-Type: text/html
Content-Length: 1809
Connection: keep-alive
Keep-Alive: timeout=10
X-Powered-By: PHP/5.5.18
Set-Cookie: SDAuthID=284481593e5d79208c562bb5f060017e; expires=Sat, 18-Apr-2015 07:34:40 GMT; Max-Age=28800; path=/; domain=.example.org; secure; httponly
SDAuthID=c4a9e78ba0abbe43dc008340bca1386d; expires=Sat, 18-Apr-2015 07:34:40 GMT; Max-Age=28800; path=/; domain=.example.org; secure; httponly
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Front-End-Https: on

Rick Warren

Apr 18, 2015, 2:36:37 AM
to simple...@googlegroups.com
I got it figured out.  

Gokul NK

Apr 22, 2015, 4:00:46 AM
to simple...@googlegroups.com
Explaining how you figured that out might help out somebody else. Please consider posting a summary at least.