Open ktbartholomew opened 8 years ago
Hi @ktbartholomew, I ran into this issue on a subdirectory multisite. Do you know of any workarounds or a fix?
@stocker There's no easy workaround that doesn't involve a significant re-work of how SimpleSAMLPHP fits into the auth flow. It would end up being a huge change, and one that I simply don't have the time to work through. I wish I had a better answer for you, but this is at the very edge of how SimpleSAMLPHP was designed to be used.
Hi Keith. Thanks for the prompt reply. It was very helpful that you had documented this issue , so I didn’t bang my head against it for hours.
From: Keith Bartholomew notifications@github.com Reply-To: ktbartholomew/saml-20-single-sign-on reply@reply.github.com Date: Tuesday, February 7, 2017 at 10:06 AM To: ktbartholomew/saml-20-single-sign-on saml-20-single-sign-on@noreply.github.com Cc: "Scott B. Stocker" stocker@stanford.edu, Mention mention@noreply.github.com Subject: Re: [ktbartholomew/saml-20-single-sign-on] Subfolder Multisite confuses SimpleSAMLPHP (#2)
@stockerhttps://github.com/stocker There's no easy workaround that doesn't involve a significant re-work of how SimpleSAMLPHP fits into the auth flow. It would end up being a huge change, and one that I simply don't have the time to work through. I wish I had a better answer for you, but this is at the very edge of how SimpleSAMLPHP was designed to be used.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/ktbartholomew/saml-20-single-sign-on/issues/2#issuecomment-278087550, or mute the threadhttps://github.com/notifications/unsubscribe-auth/ABGJ1wAkIREEAHgWqWOcNYNaRTu287AKks5raLKKgaJpZM4G8-1W.
@stocker If you manage some workaround for this in your environment, I'm sure others would benefit from you including your solution here. PRs are welcome too, if you're so inclined 😄
Subfolder multisite installs use URL rewriting to ensure that all the sites use the same plugin files, but this creates some issues with SimpleSAMLPHP.
Destination
attribute that includes the site's subfolder. When SimpleSAMLPHP tries to process the response, it believes its current URL is that of the site's main blog instead and throws an exception.The plugin should normalize all URLs to fall under that of the main blog, to be consistent with the way Wordpress routes these requests. Other parts of the SAML request (most likely the
ReturnTo
property should ensure that the user is redirected to the correct blog after the SAML process is complete.