Question

We have set up SimpleSaml with Drupal 7 as an IdP to allow users to log in to a 3rd party service using their Drupal credentials. Everything seems to be working up to the point where the user is entering their credentials on the Drupal login page; however, once they log in, they are redirected to the SimpleSaml "Demo Example" page. (module.php/core/authenticate.php)

All their details are correct and they are clearly authenticated, but the redirect back to the 3rd party site never happens. We have checked: the 3rd party is sending the correct (encoded) data, including the AssertionConsumerServiceURL.

The question is how to make Drupal redirect back to the 3rd party URL.

Libraries used:

simpleSAMLphp version 1.11.0
drupalauth for SimpleSAMLphp 1.7+ and Drupal 7.x
drupalauth4ssp (which comes with the drupalauth module)

Config:

SimpleSaml 2
store.type: sql
auth as: drupal-userpass
Apache is configured correctly
We are on Centos 
We have SSL offload implemented on our test environment which seems to be working ok
(Load balancer 443 offloads to Apache 80)

Content of authsources.php:

$config = array(

    // This is an authentication source which handles admin authentication.
    'admin' => array(
        // The default is to use core:AdminPassword, but it can be replaced with
        // any authentication source.
        'core:AdminPassword',
    ),

    'drupal-userpass' => array(
        'drupalauth:External',

        // The filesystem path of the Drupal directory.
        'drupalroot' => '/var/www/html/',

        // Whether to turn on debug
        'debug' => TRUE,

        // the URL of the Drupal logout page
        'drupal_logout_url' => 'https://[drupal_domain]/user/logout',

        // the URL of the Drupal login page
        'drupal_login_url' => 'https://[drupal_domain]/user',

        // Which attributes should be retrieved from the Drupal site.
        'attributes' => array(
            array('drupaluservar' => 'uid',                 'callit' => 'uid'),
            array('drupaluservar' => 'name',                'callit' => 'cn'),
            array('drupaluservar' => 'mail',                'callit' => 'mail'),
            array('drupaluservar' => 'field_user_firstname', 'callit' => 'givenName'),
            array('drupaluservar' => 'field_user_lastname',  'callit' => 'sn'),
            array('drupaluservar' => 'roles',               'callit' => 'roles'),
        ),
    ),

);

I am happy to post more info if required.


Solution

An old issue, but in case you haven't solved it: you should include the redirect URL in the RelayState SAML parameter.

SAML request:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
            xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
            ID="_b6a80234ed663a4a818be0e80326ed4e0217b2fae4"
            Version="2.0"
            IssueInstant="2015-09-23T23:18:03Z"
            Destination="http://www.domain.com/saml_login/idp?destination=other_siteURL"

Drupal request:

www.domain.com/saml_login/idp?destination=other_siteURL (encode the destination)

Also, you might need to remove some validations from the simplesamlphp Drupal module,

i.e.

// See if a URL has been explicitly provided in ReturnTo. If so, use it (as long as it points to this site).
if ((isset($_REQUEST['ReturnTo']) && $_REQUEST['ReturnTo']) &&
    (valid_url($_REQUEST['ReturnTo']) && stristr($_REQUEST['ReturnTo'], $base_url)))

Then Drupal will take you to: other_siteURL
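The check quoted above is what stops the IdP from redirecting an authenticated user to an arbitrary URL, so rather than removing it, a safer route is to replace the loose stristr() substring match with a strict host allowlist that also admits the 3rd party site. The following is an added example, not code from the drupalauth4ssp module or from the answer; it assumes the `$_REQUEST['ReturnTo']` parameter and Drupal's global `$base_url` from the snippet, and the allowlist host is a placeholder.

```php
<?php
// Added example (not module code): strict ReturnTo validation for the
// drupalauth4ssp login flow. Keeps the redirect confined to known hosts
// instead of dropping the check entirely.

/**
 * Returns $return_to if its host is on the allowlist, otherwise FALSE.
 *
 * stristr($url, $base_url) is only a substring test, so a value such as
 * https://attacker.example/?next=https://drupal.example passes it.
 * Comparing the parsed host exactly closes that gap.
 */
function drupalauth_safe_return_to($return_to, array $allowed_hosts) {
  if (!is_string($return_to) || $return_to === '') {
    return FALSE;
  }
  $parts = parse_url($return_to);
  if ($parts === FALSE || empty($parts['scheme']) || empty($parts['host'])) {
    return FALSE;                       // relative, malformed, or schemeless
  }
  if (strtolower($parts['scheme']) !== 'https') {
    return FALSE;                       // SAML responses should not go over http
  }
  if (!empty($parts['user']) || !empty($parts['pass'])) {
    return FALSE;                       // e.g. https://good.example@evil.example/
  }
  $host = strtolower($parts['host']);
  foreach ($allowed_hosts as $allowed) {
    if ($host === strtolower($allowed)) {
      return $return_to;
    }
  }
  return FALSE;
}

global $base_url;                       // Drupal 7 site base URL

// Allowlist: this Drupal site plus the SP it brokers logins for.
// 'sp.third-party.example' is a placeholder for the real 3rd party host.
$allowed_hosts = array(
  parse_url($base_url, PHP_URL_HOST),
  'sp.third-party.example',
);

$destination = drupalauth_safe_return_to(
  isset($_REQUEST['ReturnTo']) ? $_REQUEST['ReturnTo'] : '',
  $allowed_hosts
);
if ($destination === FALSE) {
  $destination = $base_url;             // never redirect to an unknown host
}
```

The same function can be applied to the RelayState value the SP sends, since that parameter is also attacker-controllable on the wire.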

OTHER TIPS

There are a lot of hints about what might be wrong here: http://code.google.com/p/drupalauth/source/browse/trunk/drupalauth/lib/Auth/Source/External.php

A few things worth checking:

  • "You must configure store.type in config/config.php to be something other than phpsession, or this module will not work" (taken from lines 17-19)
  • it seems that the redirect URL is being generated on line 335
  • check lines 335 and 346 of the External.php file to see what values you have there (you could use a debugging tool like Xdebug)
  • overall, debugging your code would shed more light on the issue you are facing
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow