diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm index ccb8032a1..bf00f3451 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Init.pm @@ -308,7 +308,10 @@ sub reloadConf { # Clean $req->pdata after authentication push @{ $self->afterDatas }, sub { - $_[0]->pdata( {} ) unless ( $_[0]->datas->{keepPdata} ); + unless ( $_[0]->datas->{keepPdata} or $_[0]->mustRedirect ) { + $self->logger->debug('Cleaning pdata'); + $_[0]->pdata( {} ); + } return PE_OK; }; diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm index 5dab3fbaa..81ec08870 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Issuer.pm @@ -82,10 +82,9 @@ sub _redirect { $self->logger->debug("Unauth request to $self->{path} issuer"); $restore = 1; $self->logger->debug('Processing _redirect'); - $self->logger->debug('Store issuer request'); $ir = $req->pdata->{ $self->ipath } ||= $self->storeRequest($req); $req->datas->{keepPdata} = 1; - $req->{urldc} = $self->conf->{portal}; + $req->{urldc} = $self->conf->{portal} . '/' . $self->path; } else { $self->logger->debug('Not seen as Issuer request, skipping'); @@ -126,8 +125,10 @@ sub _forAuthUser { } # Clean pdata: keepPdata has been set, so pdata must be cleaned here + $self->logger->debug('Cleaning pdata'); $req->pdata( {} ); $req->urlNotBase64(1) if ( ref($self) =~ /::CAS$/ ); + $req->mustRedirect(1); return $self->p->do( $req, [ @@ -143,6 +144,7 @@ sub _forAuthUser { sub storeRequest { my ( $self, $req ) = @_; + $self->logger->debug('Store issuer request'); my $info = {}; $info->{content} = $req->content; foreach ( keys %{ $req->env } ) { 
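Review bot: The comment above the callback in reloadConf still reads `# Clean $req->pdata after authentication`, but the new condition also keeps pdata whenever `mustRedirect` is set, and nothing here says who clears it afterwards. storeRequest in Issuer.pm appears to put the request content and env into pdata, so the retention rule is worth stating: `# Clean $req->pdata after authentication unless an issuer keeps it (keepPdata) or a redirect is pending (mustRedirect); the issuer then cleans it itself`. The last clause is inferred from _forAuthUser, so please confirm it. The callback also now closes over `$self` while being pushed onto `$self->afterDatas`, which looks like a reference cycle if that list lives on the same object.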
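Review bot: `$self->conf->{portal} . '/' . $self->path` in _redirect produces a double slash whenever the configured portal URL already ends in `/`. The debug line a few statements above reads the same value as `$self->{path}`, so the two accesses are also inconsistent. If portal can carry a trailing slash, strip it first: `( my $portal = $self->conf->{portal} ) =~ s{/+\z}{};` followed by `$req->{urldc} = "$portal/" . $self->path;`. _redirect starts and ends outside the hunk.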
@@ -162,7 +164,8 @@ sub restoreRequest { } $req->{env} = {}; foreach ( keys %$env ) { - $self->logger->debug("Restore $_"); + $self->logger->debug( + "Restore $_" . ( ref $env->{$_} ? '' : "\t" . $env->{$_} ) ); $req->env->{$_} = $env->{$_} unless /^plack/; } } diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm index 2625ad357..a0ff1784e 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Run.pm @@ -293,6 +293,7 @@ sub autoRedirect { # Redirection should be made if urldc defined if ( $req->{urldc} ) { + $self->logger->debug("Building redirection to $req->{urldc}"); if ( $self->_jsRedirect->( $req, $req->sessionInfo ) ) { $req->error(PE_REDIRECT); $req->datas->{redirectFormMethod} = "get"; diff --git a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t index 070edbb1b..5ea7b1bd3 100644 --- a/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t +++ b/lemonldap-ng-portal/t/37-CAS-App-to-SAML-IdP-POST.t @@ -11,7 +11,7 @@ BEGIN { } my $maintests = 12; -my $debug = 'error'; +my $debug = 'debug'; my ( $idp, $proxy, $app, $res ); my %handlerOR = ( idp => [], proxy => [], app => [] ); @@ -57,7 +57,6 @@ LWP::Protocol::PSGI->register( ); SKIP: { - skip 'Broken for now', $maintests; eval "use Lasso"; if ($@) { skip 'Lasso not found', $maintests; @@ -164,8 +163,19 @@ SKIP: { 'POST SAML response' ); my $spId = expectCookie($res); + ( $url, $query ) = expectRedirection( $res, 'http://auth.proxy.com' ); + ok( + $res = $proxy->_get( + '/', + accept => 'text/html', + cookie => "lemonldapidp=http://auth.idp.com/saml/metadata;lemonldap=$spId;$proxyPdata", + ), + 'Follow internal redirection' + ); + ( $url, $query ) = expectRedirection( $res, qr#http://auth.proxy.com(/cas/login)(?:\?(.*))?$# ); + skip; $url ||= '/'; # Follow internal redirection
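Review bot: The rewritten debug call in restoreRequest now writes the value of every restored env key to the log, and storeRequest fills that hash from `keys %{ $req->env }`. Assuming this is the PSGI environment, entries such as HTTP_COOKIE, HTTP_AUTHORIZATION and QUERY_STRING from the stored request end up in debug logs. Log the key only, or mask the sensitive ones, e.g. `my $v = ( ref $env->{$_} or /^HTTP_(?:COOKIE|AUTHORIZATION)$/ ) ? '' : "\t$env->{$_}";` followed by `$self->logger->debug("Restore $_$v");`. The new `Building redirection to $req->{urldc}` line in Run.pm's autoRedirect deserves the same look if urldc can carry query parameters. restoreRequest's body starts outside the hunk.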
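Review bot: `my $debug = 'debug';` looks like a debugging leftover, since the test previously ran at `'error'`. At debug level it will print every debug line this commit adds, including the restored env values from restoreRequest. Unless the verbose output is wanted in CI, restore `my $debug = 'error';`.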
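Review bot: The bare `skip;` after the second expectRedirection leaves the rest of the SKIP block unexecuted with no reason or count, so removing 'Broken for now' only partly re-enables the test. The `+` markers are not visible in this hunk, so I am assuming that line is on the new side. Test::More's skip takes a reason and a count; if the remaining steps are still broken, say so with `skip 'Remaining steps still broken', <number of remaining tests>;`. Please also check that `$maintests = 12` still matches now that an `ok` was added.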