I initiate a single-sign-on process from /sso
. After signing in at the remote identity provider I get redirected to /asc
with some post-data. But kirby response to the post request always with a 301 and i can’t process the post form-data.
Thanks in advance for any hints!
I have the following configuration:
'routes' => [
[
'pattern' => 'sso',
'action' => function () {
return startSSO();
}
],
[
'method' => 'GET|POST',
'pattern' => 'asc',
'action' => function () {
if (isset($_POST['SAMLResponse'])) {
processSSOResponse(); // **never executed**
} else {
var_dump($_SESSION['asc']);
return go('/welcome');
}
}
]
],
Are you sure $_POST
is not empty? What do you get when dump post data before isset
?
var_dump($_POST);
exit;
You are right, @ahmetbora.
$_POST is empty. But the first request (POST) is still redirected via 301 to a second request (GET), which executed your dump-code. (Please see my first screenshot)
The data is transferred as »Form Data« for the first request (POST) :
I use the OneLogin’s SAML PHP Toolkit and maybe the binding is also one part of the problem: php-saml/settings_example.php at b41ccc3c6e3386f31b7c333ca7cc45c3eddf5aec · onelogin/php-saml · GitHub
Oh, wait!
Looks like the 301 is coming from a redirect to https! I need to check this with my colleague from the identity provider.
We can close this thread. It was an issue on our end.