Home » Download » Modules » Shibboleth authentication » Issues

Path to get back from IdP to the Drupal site is wrong

smithmb - October 15, 2009 - 13:08
Project:Shibboleth authentication
Version:6.x-3.3
Component:Code
Category:bug report
Priority:critical
Assigned:dorion
Status:closed
Description

Hello... we just updated from/to:
2c2
> // $Id: shib_auth.module,v 1.3.4.5.2.26 2009/05/07 12:21:58 martoni Exp $
---
< // $Id: shib_auth.module,v 1.3.4.5.2.30 2009/09/21 14:18:34 bajnokk Exp $

The following code change is sending our users back to a 404 every time they login:
297,302c292,293
> $actuallocation = (isset($_SERVER['HTTPS']) ? 'https' : 'http') .'://'. $_SERVER['HTTP_HOST'] . request_uri();
---
< $actuallocation = (isset($_SERVER['HTTPS']) ? 'https' : 'http')
< .'://'. $_SERVER['HTTP_HOST']
< . url('')
< . $url_prefix
< .'/shib_login/'
< . $_GET['q'];

Our Drupal site doesn't know anything about a "shib_login" part of any URI. For example, attempting to login while on page "node/6" the redirect goes to "http://our-site//shib_login/node/6" (notice the second double slash). That page is a 404. I marked this critical because it essentially breaks the flow of logging in; users will never get to where they were trying to go.

» Login or register to post comments

#1

smithmb - October 15, 2009 - 13:20

I've simply removed this part:
/* .'/shib_login/' */

Login or register to post comments

#2

bajnokk - October 15, 2009 - 13:54

I've found the problem. Please do not remove the shib_login part, just disable and re-enable the module.

This behaviour is caused by the menu cache not being updated. It should be done by running update.php but the module does not instruct it to do so. Will be corrected in a bugfix release shortly.

Login or register to post comments

#3

bajnokk - October 19, 2009 - 09:16
Assigned to:Anonymous» dorion
Login or register to post comments

#4

bajnokk - October 20, 2009 - 12:31
Status:active» fixed

Fixed in 3.3

Login or register to post comments

#5

smithmb - October 21, 2009 - 19:29

Thanks a ton!

Login or register to post comments

#6

vidr - October 26, 2009 - 18:19
Version:6.x-3.2» 6.x-3.3

shib_auth.module's $actuallocation (line 310) doesn't contain the destination; re. line 315 < . $_GET['q'];
Shouldn't it?

This may be related a failed update (see below), but the login link doesn't include any get variables.
I appended '?'.drupal_get_destination(); and that did the trick.
- . $_GET['q'];

+ . $_GET['q']
+ . '?'.drupal_get_destination();

Again this may be related to the failed update, but shib_auth was the only module that needed an update so maybe that's another issue.
Errors:
array_merge() [function.array-merge]: Argument #2 is not an array in /var/www/html/my-drupal/update.php on line 174.
Invalid argument supplied for foreach() in /var/www/html/my-drupal/update.php on line 338.

FYI: // $Id: shib_auth.module,v 1.3.4.5.2.31 2009/09/30 17:00:49 bajnokk Exp $

Sorry I can post those errors in a separate request if needed.

Thanks

Login or register to post comments

#7

System Message - November 9, 2009 - 18:20
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.