The redirect to the saml2-acs.php error page loses the URL you were trying to access
What happened?
Because of how our test servers are set up (@sammarshallou could supply more info about that), whenever we switch from live server to test, or back, we hit the saml2-acs.php error page. The fact we see this error is our problem, but the usability of that page sucks.
Typically what you want to do next is to copy the URL you were trying to access into a new browser, but because you get redirected to this script to show the error, the original URL has been lost.
Please provide as many of the following as applies:
- stacktrace
SAML2 exception: There was a system error when processing your login. Please close all browser windows, then try again. (Clash: cb7578255abc4148807476fd316fdcc1/daa2f3195bc74ab6a3bf2084bd2972de.)
More information about this error
Debug info: #0 [dirroot]/auth/saml2/.extlib/simplesamlphp/modules/saml/lib/Auth/Source/SP.php(1172): SimpleSAML\Auth\ProcessingChain->processState(Array)
#1 [dirroot]/auth/saml2/.extlib/simplesamlphp/modules/saml/www/sp/saml2-acs.php(268): SimpleSAML\Module\saml\Auth\Source\SP->handleResponse(Array, 'https://fidm.gi...', Array)
#2 [dirroot]/auth/saml2/sp/saml2-acs.php(34): require('/var/www/html/m...')
#3 {main}
Error code: exception
Stack trace:
line 36 of /auth/saml2/sp/saml2-acs.php: saml2_exception thrown
What you expected:
Please could the URL you were trying to access be shown on this error-reporting page.
For maximum ergonomics, you could show it in a `.
Thanks for considering this.
Tim, can you flesh out the steps of how you are breaking it? I've never seen this exception, which is why we've not put any effort into making it nice. This is deep in the simplesamlphp library code.
SAML is specifically designed to be able to work with multiple IdPs and swap between them or toggle them on or off, and also designed to work well when refreshing config and state between servers and keep working. So I'm more interested in how you are breaking it. We routinely do these things without issue on test envs.
One more thing: I can't even find the error message shown in the source. I suspect that is actually a string being returned from your IdP?