allow IDP to initiate login #297
Conversation
if the user starts the login process on the IDP, we always assume that the first configured IDP is used (this doesn't work for multiple IDP's for now) and tries to login the user. Signed-off-by: Bjoern Schiessle <[email protected]>
schiessle
force-pushed
the
allow-to-initiate-login-from-idp
branch
from
1272bde to
d468228
Compare
|
Thank you for this PR, we would be interested in this! There is a related discussion at #208. It is suggested that the I am also wondering whether the SAML best practice for the |
|
@blizzz can we help to get this reviewed and merged? IdP initiated login is currently broken. Many thanks! |
|
Just like @kvn, I'd like to add myself to this request. |
| $idp = $this->session->get('user_saml.Idp'); | ||
| $idp = $idp === null ? 1 : $idp; |
There was a problem hiding this comment.
| $idp = $this->session->get('user_saml.Idp'); | |
| $idp = $idp === null ? 1 : $idp; | |
| $idp = $this->session->get('user_saml.Idp') ?: 1; |
There was a problem hiding this comment.
I would not assume that 1 is always a valid id.
| @@ -243,11 +243,17 @@ public function getMetadata($idp) { | |||
| public function assertionConsumerService() { | |||
| $AuthNRequestID = $this->session->get('user_saml.AuthNRequestID'); | |||
| $idp = $this->session->get('user_saml.Idp'); | |||
| $idp = $idp === null ? 1 : $idp; | |||
| $auth = new Auth($this->SAMLSettings->getOneLoginSettingsArray($idp)); | |||
|
|
|||
| if(is_null($AuthNRequestID) || $AuthNRequestID === '' || is_null($idp)) { | |||
There was a problem hiding this comment.
is_null($idp) will now never be true, can be removed
if the user starts the login process on the IDP, we always assume that
the first configured IDP is used (this doesn't work for multiple IDP's
for now) and tries to login the user.
Steps to test:
-> Current behavior: You will see an error page
-> with this PR: you should be logged in