URL Segment will fail if using ActiveDirectory Module + subsites

[torleif]

If you click the URL Segment, the new ?Stage=Stage prefix will cause the user to authenticate again. If you're using the SAML module, this won't work as you can only authenticate against one domain at a time.

it's similar too https://github.com/silverstripe/silverstripe-cms/issues/1312

My quick and ugly hack was to extend SiteTreeURLSegmentField that removes the ?stage=Stage prefix. Though the 'proper' way of solving this would be to either have an option to disable this in the Subsite Module, or pass in an authentication token.

[tractorcow]

Couldn't another solution be to actually link to the same domain as the user is authenticated against, but rather include SubsiteID= in the querystring? That way both stage=Stage and stage=Live will work as expected, and you'll be authenticating against the same domain only.

Maybe we could have a switch that enabled this behaviour, and document this in the ad / subsites modules as a "how to use these modules together".

[torleif]

@tractorcow: that's a very tidy solution, that's by far the best way solve this issue

[tractorcow]

I wish I had time to actually implement it... but +1 for putting it on the "to do" list. :D

[robbieaverill]

@torleif any interest in getting this done? I've re-triaged as affecting SilverStripe 4, because I assume it still does affect this when used with silverstripe/saml