pitbulk / limesurvey-saml

SAML Authentication plugin for limesurvey (based on simpleSAMLphp)
GNU General Public License v2.0

Redirect loop in creating a user session, right after a SAML login #5

Open sandorspruit opened 6 years ago

sandorspruit commented 6 years ago

I am experimenting with LimeSurvey SAML authentication, based on the plugin. Everything seems to be working just fine, users get created in the database, etc., but Yii loses the identity of the user right after the login. In particular: Yii::app()->user->getId() returns nothing after the final redirect to AdminController.

This causes LimeSurvey to redirect back and forth, indefinitely, between the AdminController (application/controllers/AdminController) and the authentication action (application/controllers/admin/authentication), until my browser gives up.

Shnoulle commented 6 years ago

Remember to give your LimeSurvey version :) 3.0 maybe?

sandorspruit commented 6 years ago

Thanks for the heads-up :) I am on Lime 2.72.5+171121

Shnoulle commented 6 years ago

Did you try deactivating CSRF? https://github.com/pitbulk/limesurvey-saml/issues/4#issuecomment-277636362

sandorspruit commented 6 years ago

Yes, that was one of the first things we tried. I noticed some small changes in the authentication code, after a recent comfort update, so I'll re-investigate soon to see where that leaves me.

Shnoulle commented 6 years ago

This is strange, because the webserver plugins have not been updated in a long time :/

Otherwise: maybe move this part to init: https://github.com/pitbulk/limesurvey-saml/blob/462eb5bf61d8fdeb2230ec97fad67a0dfce70791/AuthSAML/AuthSAML.php#L98

sandorspruit commented 6 years ago

I have already tried that. Now looking into the issue noted here: https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_6 (last couple of lines in section 6)

Frankniesten commented 6 years ago

Maybe your session is lost. Try a different session storage method in simplesamlphp.

maettle commented 6 years ago

I've got the same problem. After clicking the SAML button I get redirected to ADFS, and after the successful login it sends me into a never-ending loop (and I don't know where); FF says Redirect Error. @sandorspruit did you solve this problem?

sandorspruit commented 6 years ago

Nope. At some point it was working 95% but the session issue kept coming up. Tried changing the simplesaml session storage method but it just wouldn't go away.

foobarable commented 5 years ago

Any hints here? I'm also stuck with this issue. My gut feeling is that SSP kills the session from LimeSurvey, so maybe the plugin needs to call $session->cleanup() (from SSP) at some point. But I still have no clue yet at what point this has to be done.

foobarable commented 5 years ago

Yes, looks good.

I added:

$session = SimpleSAML_Session::getSessionFromRequest();
$session->cleanup();

to the newUserSession function right after getting all the attributes from SSP and it seems to work.