OIDC Provider to SAML SP does not work
I have 3 machines :
- 1 is ODIC RP
- 1 is OIDC Provider + SAML SP
- 1 is SAML IdP
When trying to make a chain :
- Relying Party contacts OpenID Connect Provider then
- OpenID Connect Provider (configured as SAML SP) contacts SAML IdP
the final return does not work : ie SAML SP not calling his internal IdP
I propose a basic patch, which, in summary :
- happens before soring relay state in SAML SP (Portal/_SAML.pm)
- gets called URL
- if URL match with current portal URL, store it in relay state.
The patch is working, but maybe these points should be validated :
- make sure it is generic, in particular make sure the other way is working: SAML IdP calling an OIDC RP
- security: make sure we won't redirect to unsecure locations
- using CGI module may be improved ? (if the portal is to be made more generic and less adherence to apache)