Shibboleth.sso/Login requires redirect url as ?target=url, not as ?next=url #8

Open
KonstantinSchubert opened this issue Jul 30, 2014 · 8 comments


@KonstantinSchubert
Contributor

I have set the LOGIN_URL to mydomain/Shibboleth.sso/Login

If I enter

mydomain/Shibboleth.sso/Login?target=redirectUrl 

I am being redirected correctly. Judging from my browser history, the automatic link created by this package is

mydomain/Shibboleth.sso/Login?next=redirectUrl

Strangely enough, I can't find the bug in the code, so it might as well have another cause.

See documentation here https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessionCreationParameters

This might be different for older versions of shibboleth.

@KonstantinSchubert
Contributor Author

I have the suspicion that in my views, the @login_required wrapper activates the redirect of the default Django login system instead of the django-shibboleth-remoteuser one. I have the suspicion that this default login system is responsible for creating the malformed redirect URL.

@lawlesst
Contributor

I'll look into the target vs. next issue. Target works for us. This probably needs to be configurable.

For your second question, the default auth shouldn't be a problem. I don't deactivate it for our projects. Could you paste a snippet here showing how you are using it?

@KonstantinSchubert
Contributor Author

Target works for me as well, the issue is that something in my software stack writes the url incorrectly with "?next="

mydomain/Shibboleth.sso/Login?next=redirectUrl

(See screenshot: screenshot from 2014-07-30 16 37 05.)

Here are the relevant parts of my settings.py: http://pastebin.com/6zL6Nmb6

So I am trying to find the stupid thing that puts "next" in this url. Because your code correctly uses "target" : https://github.com/KonstantinSchubert/django-shibboleth-remoteuser/blob/master/shibboleth/views.py#L56

@KonstantinSchubert
Contributor Author

The issue is solved if I replace

@login_required

with

@login_required(redirect_field_name='target')

The default value seems to be

django.contrib.auth.REDIRECT_FIELD_NAME='next' 

It might be possible to change this globally in the settings. I tried adding

from django.contrib.auth import REDIRECT_FIELD_NAME
REDIRECT_FIELD_NAME = 'target'

but it had no effect.

@KonstantinSchubert
Contributor Author

I think there is a better way to solve this: Make use of the login-view when logging in. The user should be routed via /shib/login/ in the same way it happens during the logout.

@jrhoads
Collaborator

jrhoads commented May 15, 2017

It has been a couple of years since this issue was submitted (as well as the PR). @bcail and @KonstantinSchubert do you think this is still an issue or have things changed?

@audiolion
Contributor

?next= definitely does not work with default Shibboleth implementations, it expects it to be ?target=

@ghost

ghost commented Jun 15, 2017

Uncertain if the conditions are the same as OP, but this happens when the admin site is protected by Shibboleth. Basically, follow the setup in the readme with /admin in the Shibbolized Location directive, and add a urlconf like url(r'^admin/login/$', RedirectView.as_view(url=settings.LOGIN_URL, permanent=False, query_string=True)). This generates a redirect to the IdP with ?next= as parameter.

In this particular case, it seems to be due to a combination of an admin quirk (it does not honor LOGIN_URL) and not being able to pass redirect_field_name to RedirectView
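
Added example, not part of the original thread or of the project's code: a standard-library sketch of the parameter rename discussed above, which a small view could perform in place of a plain RedirectView. The helper names and the `LOGIN_URL` value are assumptions, and the local-path check is an added safeguard on the forwarded redirect value.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

LOGIN_URL = "/Shibboleth.sso/Login"  # assumed path, modeled on the thread's LOGIN_URL
DJANGO_FIELD = "next"    # default of django.contrib.auth.REDIRECT_FIELD_NAME
SHIB_FIELD = "target"    # parameter the Shibboleth SP login handler reads


def is_local_path(url):
    """True only for same-site absolute paths such as /admin/."""
    if not url.startswith("/") or url.startswith("//") or "\\" in url:
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def shibboleth_login_url(query_string, default="/"):
    """Hypothetical helper: turn Django's ?next= into the SP's ?target=.

    An explicit target wins over next; anything that is not a local
    path is replaced by `default` so the login link cannot be used to
    bounce users to another site.
    """
    params = dict(parse_qsl(query_string.lstrip("?")))
    candidate = params.get(SHIB_FIELD) or params.get(DJANGO_FIELD) or default
    if not is_local_path(candidate):
        candidate = default
    return LOGIN_URL + "?" + urlencode({SHIB_FIELD: candidate})


if __name__ == "__main__":
    # Constructed sample query strings, not taken from the thread.
    for qs in ("next=/admin/", "next=https://other.example/", "target=/a/&next=/b/"):
        print(qs, "->", shibboleth_login_url(qs))
```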
