If a user goes to /saml_login from a page where they have received an access denied message, they still see the access denied message after they have logged in, even if they have the appropriate permissions. However, if they refresh the page, navigate away and then back, or simply try to access the same page again, they will have all the access they are entitled to and not see the access denied message again.

This seems to have something to do with caching of permissions. It could be happening because the user is being redirected to these pages from the IdP directly. Perhaps there is an issue with the way the user is initialized by the simplesamlphp_auth module. Do they have all the right roles immediately?

Comments

geekwisdom

Status: Active » Fixed

Removed the code that sent the ReturnTo parameter to SimpleSAMLphp for unauthenticated users, as well as the header() call for authenticated users, since both redirected the browser Drupal. Replaced with heavier reliance on the cookie and used drupal_goto(), which does an internal Drupal redirect.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

snufkin

Just for the record it seems like this has surfaced again at #1922694: Access denied when user logs in for first time or after cache cleared.