What happened?
SAML2 authentication kills server with infinite loop once not logged in user tries to access plugin pages. For this to happen plugin just has to meet two requirements:
1) Plugin pages has a function call require_login();
2) Plugin has page setup.php with require_login();
Lets say we have such plugin called A.
In such case, when one of plugin A pages is accessed by not authenticated user, function saml_login() is called. This function on line 434 requires setup.php file and instead of saml2 setup.php, the plugin A setup.php file is loaded and require_login() is called again.
This happens for example with Totara contentmarketplace plugin.
What you expected:
saml_login() function should load saml2 setup.php file.
FIX
Saml2/auth.php file on line 434 instead of:
require('setup.php');
Should be:
require("$CFG->dirroot/auth/saml2/setup.php");
What happened? SAML2 authentication kills server with infinite loop once not logged in user tries to access plugin pages. For this to happen plugin just has to meet two requirements: 1) Plugin pages has a function call require_login(); 2) Plugin has page setup.php with require_login();
Lets say we have such plugin called A. In such case, when one of plugin A pages is accessed by not authenticated user, function saml_login() is called. This function on line 434 requires setup.php file and instead of saml2 setup.php, the plugin A setup.php file is loaded and require_login() is called again.
This happens for example with Totara contentmarketplace plugin.
What you expected: saml_login() function should load saml2 setup.php file.
FIX Saml2/auth.php file on line 434 instead of: require('setup.php'); Should be: require("$CFG->dirroot/auth/saml2/setup.php");