Hi Patrick!
Sorry for the late response, but I had to do some reading before being able to offer you a proper reply...
We’ve had a related issue for quite a long time:
https://github.com/simplesamlphp/simplesamlphp/issues/28
I think we should basically implement the Service Provider Request Initiation Protocol as requested by Tom in #174. My initial thoughts are:
- Use a different, new endpoint for this. “SSPROOT/module.php/saml/sp/ssoinit.php/authsource”? I think it’s perfectly fine to append the auth source name to the URL. That’s what we are doing with the rest of the endpoints in SP metadata, after all.
- Implement the protocol in that endpoint as described by the specification, paying special attention to the target parameter, which we should check as allowed (SimpleSAML\Utils\HTTP::checkURLAllowed($target)) after coming back from authentication. I don’t know if we should show an error if $target is forbidden by configuration or just redirect to the default URL.
- Make sure the SP metadata registers and exposes this endpoint URL as per the specification, maybe having a configuration option to tell whether to publish it or not, similarly to what we have already for other parts of metadata.
We don’t have this in the roadmap, and to be honest, I don’t have any clue on how big an amount of work it would be to implement this (though my impression is that it wouldn’t be too much). Would you be willing to help with the implementation?
--
Jaime Pérez
UNINETT / Feide
mail: jaime...@uninett.no
xmpp: ja...@jabber.uninett.no
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost
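
The target check discussed in the message above, as an added example that is not part of the original e-mail and is not SimpleSAMLphp code: a standalone sketch of validating the target parameter against a list of trusted hosts after authentication, taking the "redirect to the default URL" option rather than showing an error. It does not reproduce SimpleSAML\Utils\HTTP::checkURLAllowed(); the function name resolveTarget(), the host names and the URLs are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. resolveTarget(), the hosts and the URLs below are hypothetical.

/**
 * Return $target when it is an absolute http(s) URL on a trusted host,
 * otherwise return $defaultUrl.
 */
function resolveTarget(?string $target, array $trustedHosts, string $defaultUrl): string
{
    if ($target === null || $target === '') {
        return $defaultUrl;
    }
    // Backslashes, whitespace and control characters are handled differently by
    // browsers than by parse_url(); reject them instead of trying to normalise.
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $target) === 1) {
        return $defaultUrl;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $defaultUrl; // relative and scheme-less ("//host/...") values
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $defaultUrl; // any scheme other than http/https
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return $defaultUrl; // userinfo in front of the real host
    }
    // Exact host match only: no suffix or substring matching.
    $host = strtolower($parts['host']);
    return in_array($host, $trustedHosts, true) ? $target : $defaultUrl;
}

// Constructed sample values for the hypothetical SP "app.sp.example.org".
$trusted = ['app.sp.example.org'];
$default = 'https://app.sp.example.org/';
$samples = [
    'https://app.sp.example.org/reports?id=7',   // allowed
    'https://APP.sp.example.org/reports',        // allowed, host compared case-insensitively
    'https://other.example.net/',                // host not trusted
    '//other.example.net/',                      // scheme-less
    'https://app.sp.example.org@other.example.net/', // userinfo
    'https://app.sp.example.org.other.example.net/', // trusted name used as a prefix
];
foreach ($samples as $t) {
    printf("%-50s => %s\n", $t, resolveTarget($t, $trusted, $default));
}
```

Only the first two sample values are returned unchanged; every other one resolves to the default URL.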