Going to re-paste my original post, in hope someone might find it useful.
I have encountered this issue today and hotfixed it for myself. Maybe it will help someone.
Please read below for hotfix solution and proposed more appropriate solution:
Mahara 17.04.2
Problem lies in including origin simplesamlphp repository auth/saml plugin without any changes whatsoever.
However simplesamlphp as it stands is using its way to generate URLs for ACS via:
<mahara>/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
189: $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
Which results in wrong AssertionConsumerServiceURL generated:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_a976498d2ebe858cc56d486b5af2085ed957f45c5a"
Version="2.0"
IssueInstant="2017-08-10T13:29:09Z"
Destination="https://<idp_url>/idp/profile/SAML2/Redirect/SSO"
AssertionConsumerServiceURL="https://<mahara_adress>/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
>
<saml:Issuer>https://<mahara_adress>/mahara</saml:Issuer>
</samlp:AuthnRequest>
Proper one should be the one you are getting when generating SP Metadata via Mahara/auth/saml plugin here:
https://<mahara_adress>/auth/saml/sp/metadata.php?output=xhtml
Which in this case equals to:
https://<mahara_adress>/auth/saml/sp/saml2-acs.php/default-sp
***
Hotfix was to hardcode proper AssertionConsumerServiceURL in:
<mahara>/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
188: $myPath = 'https://<mahara_adress>/auth/saml/sp/saml2-acs.php/default-sp';
189: // $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
190: $ar->setAssertionConsumerServiceURL($myPath);
***
Proper solution would be patching appropriate classes/methods.
Just a quick info on where these URLs get built:
~/svn/Mahara_1/trunk/auth/saml/extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php
189: $ar->setAssertionConsumerServiceURL(SimpleSAML_Module::getModuleURL('saml/sp/saml2-acs.php/' . $this->authId));
~/svn/Mahara_1/trunk/auth/saml/extlib/simplesamlphp/lib/SimpleSAML/Module.php
180: $url = \SimpleSAML\Utils\HTTP::getBaseURL().'module.php/'.$resource
~/svn/Mahara_1/trunk/auth/saml/extlib/simplesamlphp/lib/SimpleSAML/Utils/HTTP.php
509: $baseURL = $globalConfig->getString('baseurlpath', 'simplesaml/');
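
The mismatch described in the post can be checked mechanically by comparing the AssertionConsumerServiceURL in a captured AuthnRequest with the endpoints the SP metadata advertises. The Python sketch below is an added example, not part of the original post and not Mahara or SimpleSAMLphp code; the hostname mahara.example.org, the sample metadata and request, and all function names are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def decode_redirect_request(value):
    """Decode a SAMLRequest query value (HTTP-Redirect: base64 of raw DEFLATE)."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def metadata_acs_endpoints(metadata_xml):
    """Return the (Binding, Location) pairs the SP metadata advertises."""
    root = ET.fromstring(metadata_xml)
    return {(e.get("Binding"), e.get("Location")) for e in
            root.iterfind(".//md:SPSSODescriptor/md:AssertionConsumerService", NS)}

def check_acs(authn_request_xml, metadata_xml):
    """Compare the request's ACS URL and binding with the metadata."""
    req = ET.fromstring(authn_request_xml)
    if req.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    url = req.get("AssertionConsumerServiceURL")
    if url is None:
        return True, "no ACS URL in request; the IdP uses the endpoint it has on file"
    endpoints = metadata_acs_endpoints(metadata_xml)
    if (req.get("ProtocolBinding"), url) in endpoints:
        return True, "match"
    return False, "request asks for %s, metadata lists %s" % (
        url, sorted(loc for _, loc in endpoints))

# Constructed sample data; the hostname is a placeholder, not from the post.
SP = "https://mahara.example.org"
METADATA = """<md:EntityDescriptor xmlns:md="%s" entityID="%s/mahara">
  <md:SPSSODescriptor protocolSupportEnumeration="%s">
    <md:AssertionConsumerService index="0" Binding="%s"
        Location="%s/auth/saml/sp/saml2-acs.php/default-sp"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % (NS["md"], SP, NS["samlp"], POST, SP)

def sample_request(path):
    """Build a minimal AuthnRequest with the attributes the post shows."""
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed" Version="2.0" '
            'AssertionConsumerServiceURL="%s%s" ProtocolBinding="%s"/>'
            % (NS["samlp"], SP, path, POST))

if __name__ == "__main__":
    print(check_acs(sample_request("/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"), METADATA))
    print(check_acs(sample_request("/auth/saml/sp/saml2-acs.php/default-sp"), METADATA))
```

With the request URL built from the SimpleSAMLphp base path the check reports a mismatch; with the URL from the plugin's metadata page it reports a match.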