vivekrajenderan / simplesamlphp

Automatically exported from code.google.com/p/simplesamlphp

parameters array is never populated in SimpleSAML_Utilities::redirect #603

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?

1. Try adding an assert(count($parameters) > 0);
in /lib/SimpleSAML/Utilities.php:558

2. Make an IdP-initiated SSO by following the steps described in
http://simplesamlphp.org/docs/stable/simplesamlphp-idp#section_11

What is the expected output?
After a successful login on the IdP side, I expect to receive the status of the user along with any attributes on the SP side by using the API as described here: http://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_6

What do you see instead?
I always get SimpleSAML_Auth_Simple::isAuthenticated = false and no attributes.

What version of the product are you using? On what operating system?
I'm using the version from the svn repository
http://simplesamlphp.googlecode.com/svn/trunk/
simplesamlphp - Revision 3309: /trunk

on a Debian Linux box

Please provide any additional information below.
Both the IdP and SP implement the SSP library and they are set up on different machines.

Try adding an assert(count($parameters) > 0);

in /lib/SimpleSAML/Utilities.php:558

In the logs I see this exception:

Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 8 [...]/lib/SimpleSAML/Error/Assertion.php:81 (SimpleSAML_Error_Assertion::onAssertion)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 7 [builtin] (assert)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 6 [...]/lib/SimpleSAML/Utilities.php:563 (SimpleSAML_Utilities::redirect)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 5 [...]/lib/SimpleSAML/Utilities.php:689 (SimpleSAML_Utilities::redirectUntrustedURL)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 4 [...]/lib/SimpleSAML/Auth/Default.php:264 (SimpleSAML_Auth_Default::handleUnsolicitedAuth)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 3 [...]/modules/saml/lib/Auth/Source/SP.php:570 (sspmod_saml_Auth_Source_SP::onProcessingCompleted)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 2 [...]/modules/saml/lib/Auth/Source/SP.php:521 (sspmod_saml_Auth_Source_SP::handleResponse)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 1 [...]/modules/saml/www/sp/saml2-acs.php:196 (require)
Dec 05 11:53:22 simplesamlphp ERROR [8ef6f53ff5] 0 [...]/www/module.php:135 (N/A)

There is only an assert for is_array, which returns true because an empty array is still an array.

/lib/SimpleSAML/Auth/Default.php:256
SimpleSAML_Auth_Default :: handleUnsolicitedAuth

The state array is only being passed in the session
$session->doLogin($authId, self::extractPersistentAuthState($state));

and not in
SimpleSAML_Utilities::redirectUntrustedURL($redirectTo);

as expected in
/lib/SimpleSaml/Utilities.php:685
SimpleSAML_Utilities::redirectUntrustedURL($url, $parameters = array())

and later on checked in
/lib/SimpleSaml/Utilities.php:558
SimpleSAML_Utilities::redirect($url, $parameters = array(), $allowed_redirect_hosts = NULL)

Original issue reported on code.google.com by websurfe...@gmail.com on 5 Dec 2013 at 12:07

GoogleCodeExporter commented 8 years ago
I'm not entirely sure that I'm following your logic, but as far as I can tell, 
you expect the state array to be added as redirect parameters? That is not the 
way it is supposed to work.

Instead, the state array is used to set up the session. It is then discarded, 
and we redirect to the URL we should redirect to after authentication.

The parameters-array is a convenience-argument to the redirect function, to 
make the common operation of redirecting to a handler with a specific query 
parameter set simpler. In this case, we do not have any extra query parameter, 
and thus the $parameters array will be empty.

Original comment by olavmrk@gmail.com on 6 Dec 2013 at 7:59