mfprimo
commented
3 years ago The SP sets this cookie:
Set-Cookie: SimpleSAMLAuthToken-SP=****; path=/sp/; domain=.svuonline.org; secure; HttpOnly; SameSite=None
This cookie is limited to the /sp/ path. Then, after a succesfully response from the IdP, the SP redirect to Moodle:
Location: https://llc.svuonline.org/login/index.php
Our plugin try to ask to the SP if there is a valid session, using the
$auth->requireAuth()
but Moodle is under the path / thus the browser doesn't trasmit the SSP cookie, the SSP library cannon't find the session and the check fails. Then login process restarts...
At the moment I cannon't figure out if our auth plugin can prevent this. However it seems a strange setup for a production site. The SSP' docs clearly says:
https://simplesamlphp.org/docs/stable/simplesamlphp-idp#section_9
When running a SimpleSAMLphp IdP and a SimpleSAMLphp SP on the same computer, the SP and IdP MUST be configured with different hostnames. This prevents cookies from the SP to interfere with cookies from the IdP.
In a develop environment, you can try to set the cookie path to / in the SP configuration.
naamaan
Hi, I'd setup SSP solution that stores data in MySql database, and want to use this plugin in my Moodle v10 installation for it, you can try it here:
IDP https://llc.svuonline.org/sso/ SP https://llc.svuonline.org/sp/ Moodle https://llc.svuonline.org/login/index.php
The installation is using the default authsource setup, and this user is registered in Moodle: username: ** password: ***
Everything works fine between the IDP and the SP, but when trying through the Moodle it loops in infinite blank page on the IDP.
Any help,