So I'm not familiar with SAML. But on a Drupal site using this module and Office 365 as an IDP, I see that users are being redirected to the site homepage, ignoring the destination request. It looks like the returnTo parameter is what it's looking for; however, Drupal gives a destination parameter for the same. I'm not sure if this is an Office 365 thing and that other IDPs provide a returnTo, and it also looks like the upstream library has a plugin solution for this (see https://github.com/onelogin/drupal-saml/issues/10).

So I've attached a patch to handle this scenario, and it's working in my scenario and I hope it may be of some use.

Issue fork saml_sp-2708425

Comments

gavin.hughes created an issue. See original summary.

gavin.hughes’s picture

Status: new | File size: 573 bytes

byrond’s picture

We needed the same functionality, so I applied this patch to 7.x-2.0-beta3. It is currently in our test environment and seems to be working well.

The only thing I would be concerned about is whether this opens a cross-site scripting vulnerability if someone uses an external URL in the destination parameter. Does it get sanitized by Drupal before we copy it into the returnTo parameter? Will saml_sp allow redirects to external URLs via returnTo?

byrond’s picture

My concern is unfounded. I tested the following URL, and I was not sent to the external site. So, I don't believe the patch adds any risk.

saml/drupal_login?destination=http%3a%2f%2fgoogle.com

merilainen’s picture

Is this a duplicate of #2713595: Support returnTo on logout? That patch works if you define a returnTo parameter on the logout link.

byrond’s picture

It has been a while since I worked on this, and the issue you referenced looks familiar to me. I seem to remember that patch not working in our case, but I'm not sure. I no longer have access to the system where we required the functionality to do any further testing. The patches are different, so I would be hesitant to say that one of them solves both issues.

shawn dearmond’s picture

Version: 7.x-2.x-dev » 8.x-3.x-dev
Status: new | File size: 577 bytes

Hijacking this because it's been years.

Here's a patch for the 8.x-3.x version.

jrglasgow’s picture

Please create an issue fork (or two) and I will review.

shawn dearmond’s picture

Will do.

I also noticed that the "returnTo" doesn't work either, actually. If I go to:

https://mysite.com/saml/drupal_login/my_idp?returnTo=search/login

It actually sends me to:

https://mysite.com/saml/search/login

I'll see about fixing that too.

  • Shawn DeArmond authored 1947cd3 on 8.x-3.x
    Issue #2708425 by Shawn DeArmond, gavin.hughes: Destination returnTo
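
The two behaviours discussed in the comments above (an external `destination` must not be followed, and a relative `returnTo` such as `search/login` should resolve from the site root rather than under `/saml/`) can be checked with a small normalizer. This is an added example in plain PHP, not code from the attached patches, saml_sp, or the OneLogin library; the function name `normalize_return_to()` and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example; not saml_sp or OneLogin code. Function name is hypothetical.
// Input is assumed to be already URL-decoded once (as PHP does for $_GET).

function normalize_return_to(?string $requested, string $fallback = '/'): string {
  $value = trim((string) $requested);
  if ($value === '') {
    return $fallback;
  }
  // Backslashes and control characters are rewritten differently by different
  // browsers ("/\host" can become "//host"), so refuse them outright.
  if (preg_match('/[\x00-\x1F\x7F\\\\]/', $value)) {
    return $fallback;
  }
  // A leading scheme ("http:") or "//" would make the target absolute.
  if (preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)#i', $value)) {
    return $fallback;
  }
  // Anchor at the site root so "search/login" is not resolved against the
  // current "/saml/..." path.
  return '/' . ltrim($value, '/');
}

// Constructed sample inputs; the first two mirror values quoted in the thread.
$samples = [
  'http://google.com',
  'search/login',
  '/user/1/edit?tab=profile',
  '//example.org/path',
  '/\\example.org',
  "node/1\nfoo",
  '',
];
foreach ($samples as $sample) {
  printf("%-28s => %s\n", json_encode($sample), normalize_return_to($sample));
}
```

Anything that is not a plain site-relative path falls back to `/`, so the value copied from `destination` into `returnTo` can only ever point inside the site.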
    
jrglasgow’s picture

Version: 8.x-3.x-dev » 7.x-3.x-dev
Status: Active » Patch (to be ported)

I the merge request to the 8.x-3.x branch closed... if anyone wants to create a merge request to get this added to the 7.x-3.x branch I will look at it.

  • Shawn DeArmond authored 1947cd3 on 4.x
    Issue #2708425 by Shawn DeArmond, gavin.hughes: Destination returnTo
    
denix’s picture

Great! Thanks for your efforts! What is the relation of this with #2973810: Force SAML Login redirection loop?