Currently, if the option to auto-provision users is not selected, and an unprovisioned user attempts to authenticated via SAML, they are redirected to the homepage.
This is problematic because in many cases, the homepage contains protected content and the user might get a generic access denied message, or even caught in an endless redirect loop for site that are configured to redirect 403 pages for unauthenticated users to SAML. The user also gets no additional information about why they weren't able to log in (related: #2296093: User not seeing the "Not yet entitled to access the site")
I think many sites could benefit from this redirect page being configurable. Patch to follow.
Comment | File | Size | Author |
---|---|---|---|
#5 | simplesamlphp_auth-2886630-5.patch | 3.85 KB | Maico de Jong |
#4 | simplesamlphp_auth-2886630-4.patch | 3.44 KB | Wilfred Waltman |
| |||
#3 | interdiff-simplesamlphp_auth-2886630-2-3.txt | 805 bytes | Dane Powell |
#3 | simplesamlphp_auth-2886630-3.patch | 4.05 KB | Dane Powell |
Comments
Comment #2
Dane Powell CreditAttribution: Dane Powell at Acquia commentedComment #3
Dane Powell CreditAttribution: Dane Powell at Acquia commentedWhoops, missed the fact that $config is available via service injection
Comment #4
Wilfred Waltman CreditAttribution: Wilfred Waltman as a volunteer commentedRerolled for version 3.1.0
Comment #5
Maico de JongRerolled for latest dev and 3.2.0
Was having the same issue as mentioned in #2296093, configurable is a good alternative for me.
Comment #6
marcvangendPatch works as advertised. Good to see that the default config and config schema files have not been forgotten. Thanks all.
Comment #7
manikandank03 CreditAttribution: manikandank03 as a volunteer commentedPatch #5 works fine for me.