search

derricksmith / phpsaml

GLPI Plugin - SAML integration using the Onelogin SAML Library
MIT License
32 stars 24 forks source link

"Redirection failed" after login #160

Open efriastech opened 10 months ago

efriastech commented 10 months ago

Hello, when connecting using LDAP or internal accounts, redirections work fine.

Example URL: https://glpi.domain.com/front/ticket.form.php?id=52916

However, when using SSO to login, I get a "Redirection failed" message and get brought to the default index dashboard homepage.

Any ideas on what that could be?

System: Latest PHPSAML (as of 2024-01-15) GLPI v 10.0.11 PHP 8.1

REMY31470 commented 10 months ago

Hello,

I've got the same message as you when you want to open a link to a ticket directly.

image

DonutsNL commented 10 months ago

Its a known issue that has been researched earlier, fixed for a short while and broke again with later GLPI versions. It has to do with how the redirect url is composed after redirected back by the identity provider. The function currently is using the _SERVER superglobal that is populated depending on the webserver setup, how the glpi instance it is called by the client, and it is not dealing with all possible variations that could occur. We should instead be using the GLPI configuration objects like 'base_url' to compose the correct redirect urls and paths.

At the moment I am not actively reasearching this issue as its a 'nice to have' for me atm. I am prioritizing breaking issues and other work over this one. Thanks for re-registering it though, because its a valid issue.

dkdlv commented 7 months ago

Same here, even connecting through the root url of glpi.

I got rid of the message this way: ./glpi/plugins/phpsaml/inc/phpsaml.class.php (l207-209) : 

        if ($relayState) {
//            $REDIRECT = "?redirect=" . rawurlencode($relayState);
            $REDIRECT = "";
        }

I now have to search what kind of backfire I may suffer doing that...

DonutsNL commented 7 months ago

Maybe have a look at: https://plugins.glpi-project.org/#/plugin/glpisaml.

The stable version will be available somewhere next month. It allready supports most of this plugin and has user right rules implemented as well.

Also nice to know, GLPI is considering of actively supporting this plugin for their paying customers as well. We are currently working together to get the plugin where it needs to be for this.