Open sandeepdr opened 8 years ago
Thanks, I can deal with it in January.
Hello, any update with this? I tried fixing this issue for two hours and had no luck. I don't know the internals of simplesamlphp and this module. Can you help?
FYI. I started trying to replace this (on login.php):
SimpleSAML_Auth_Default::initLogin($as['mainAuthSource'], SimpleSAML_Utilities::selfURL());
With...
$ass = SimpleSAML_Auth_Source::getById($authId);
$ass->initLogin(SimpleSAML_Utilities::selfURL());
It didn't worked with the change I made. I did that because I was reading that SimpleSAML_Auth_Default::initLogin is deprecated. We are using Single Log Out (initSLO.php) and as I see in the flow of simplesamlphp, it never calls this module for logging out. So I thought that maybe the problem is how this module creates the session and how it authenticates the user.
My two cents.
If you can create a proper pull request, it will be merged.
I have resolved a single logout issue. as we need to do a chaining logout process. issue like it will logout from authtfaga state but it will not logout to mainauthsource.
Need to add below method in "authtfaga.php" file
public function logout(&$returnTo) {
$as = SimpleSAML_Configuration::getConfig('authsources.php')->getValue($this->authId);
$authSource = new \SimpleSAML\Auth\Simple($as['mainAuthSource']);
$authSource->logout($returnTo);
\SimpleSAML\Session::getSessionFromRequest()->cleanup();
}
With this module, sign in works perfectly fine (both Active Directory and OTP). For single logout, SimpleSAMLPhp do send a "success" logout message to service provider but when accessed the same URL , it directly takes to OTP page bypassing the login page for AD authentication. SimpleSAMLPhp is Identity provider in my case.
Expected Result: SimpleSAMLPhp should throw login page. Current Result: SimpleSAMLPhp bypasses the login page and takes to OTP page.